Re: r322390 - [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
Merged in r322649. (Richard, please shout if you object to the merging; I figured since you lgtm'ed it, this would be fine.)

On Fri, Jan 12, 2018 at 8:43 PM, Volodymyr Sapsai wrote:
> Hans, I am nominating this change to be merged into 6.0.0 release branch.
>
> Thanks,
> Volodymyr
>
>> On Jan 12, 2018, at 10:54, Volodymyr Sapsai via cfe-commits wrote:
>>
>> Author: vsapsai
>> Date: Fri Jan 12 10:54:35 2018
>> New Revision: 322390
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev
>> Log:
>> [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
>>
>> Fix makes the loop in LexAngledStringLiteral more like the loops in
>> LexStringLiteral, LexCharConstant. When we skip a character after
>> backslash, we need to check if we reached the end of the file instead of
>> reading the next character unconditionally.
>>
>> Discovered by OSS-Fuzz:
>> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832
>>
>> rdar://problem/35572754
>>
>> Reviewers: arphaman, kcc, rsmith, dexonsmith
>>
>> Reviewed By: rsmith, dexonsmith
>>
>> Subscribers: cfe-commits, rsmith, dexonsmith
>>
>> Differential Revision: https://reviews.llvm.org/D41423
>>
>> Added:
>>     cfe/trunk/test/Lexer/null-character-in-literal.c (with props)
>> Modified:
>>     cfe/trunk/lib/Lex/Lexer.cpp
>>     cfe/trunk/unittests/Lex/LexerTest.cpp
>>
>> Modified: cfe/trunk/lib/Lex/Lexer.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff
>> ==
>> --- cfe/trunk/lib/Lex/Lexer.cpp (original)
>> +++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018
>> @@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token >> const char *AfterLessPos = CurPtr; >> char C = getAndAdvanceChar(CurPtr, Result); >> while (C != '>') { >> -// Skip escaped characters. >> -if (C == '\\' && CurPtr < BufferEnd) { >> - // Skip the escaped character. >> - getAndAdvanceChar(CurPtr, Result); >> -} else if (C == '\n' || C == '\r' || // Newline. >> - (C == 0 && (CurPtr-1 == BufferEnd || // End of file. >> - isCodeCompletionPoint(CurPtr-1 { >> +// Skip escaped characters. Escaped newlines will already be processed >> by >> +// getAndAdvanceChar. >> +if (C == '\\') >> + C = getAndAdvanceChar(CurPtr, Result); >> + >> +if (C == '\n' || C == '\r' || // Newline. >> +(C == 0 && (CurPtr-1 == BufferEnd || // End of file. >> +isCodeCompletionPoint(CurPtr-1 { >> // If the filename is unterminated, then it must just be a lone < >> // character. Return this as such. >> FormTokenWithChars(Result, AfterLessPos, tok::less); >> return true; >> -} else if (C == 0) { >> +} >> + >> +if (C == 0) { >> NulCharacter = CurPtr-1; >> } >> C = getAndAdvanceChar(CurPtr, Result); >> >> Added: cfe/trunk/test/Lexer/null-character-in-literal.c >> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto >> == >> Binary file - no diff available. >> >> Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c >> -- >>svn:mime-type = application/octet-stream >> >> Modified: cfe/trunk/unittests/Lex/LexerTest.cpp >> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff >> == >> --- cfe/trunk/unittests/Lex/LexerTest.cpp (original) >> +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018 
>> @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit >> >> TEST_F(LexerTest, AvoidPastEndOfStringDereference) { >> EXPECT_TRUE(Lex(" // \\\n").empty()); >> + EXPECT_TRUE(Lex("#include <").empty()); >> + EXPECT_TRUE(Lex("#include <\n").empty()); >> } >> >> TEST_F(LexerTest, StringizingRasString) { >> >> >> ___ >> cfe-commits mailing list >> cfe-commits@lists.llvm.org >> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits > ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
Re: r322390 - [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
Hans, I am nominating this change to be merged into 6.0.0 release branch.

Thanks,
Volodymyr

> On Jan 12, 2018, at 10:54, Volodymyr Sapsai via cfe-commits wrote:
>
> Author: vsapsai
> Date: Fri Jan 12 10:54:35 2018
> New Revision: 322390
>
> URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev
> Log:
> [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
>
> Fix makes the loop in LexAngledStringLiteral more like the loops in
> LexStringLiteral, LexCharConstant. When we skip a character after
> backslash, we need to check if we reached the end of the file instead of
> reading the next character unconditionally.
>
> Discovered by OSS-Fuzz:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832
>
> rdar://problem/35572754
>
> Reviewers: arphaman, kcc, rsmith, dexonsmith
>
> Reviewed By: rsmith, dexonsmith
>
> Subscribers: cfe-commits, rsmith, dexonsmith
>
> Differential Revision: https://reviews.llvm.org/D41423
>
> Added:
>     cfe/trunk/test/Lexer/null-character-in-literal.c (with props)
> Modified:
>     cfe/trunk/lib/Lex/Lexer.cpp
>     cfe/trunk/unittests/Lex/LexerTest.cpp
>
> Modified: cfe/trunk/lib/Lex/Lexer.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff
> ==
> --- cfe/trunk/lib/Lex/Lexer.cpp (original)
> +++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018
> @@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token > const char *AfterLessPos = CurPtr; > char C = getAndAdvanceChar(CurPtr, Result); > while (C != '>') { > -// Skip escaped characters. > -if (C == '\\' && CurPtr < BufferEnd) { > - // Skip the escaped character. > - getAndAdvanceChar(CurPtr, Result); > -} else if (C == '\n' || C == '\r' || // Newline. > - (C == 0 && (CurPtr-1 == BufferEnd || // End of file. > - isCodeCompletionPoint(CurPtr-1 { > +// Skip escaped characters. Escaped newlines will already be processed > by > +// getAndAdvanceChar. > +if (C == '\\') > + C = getAndAdvanceChar(CurPtr, Result); > + > +if (C == '\n' || C == '\r' || // Newline. > +(C == 0 && (CurPtr-1 == BufferEnd || // End of file. > +isCodeCompletionPoint(CurPtr-1 { > // If the filename is unterminated, then it must just be a lone < > // character. Return this as such. > FormTokenWithChars(Result, AfterLessPos, tok::less); > return true; > -} else if (C == 0) { > +} > + > +if (C == 0) { > NulCharacter = CurPtr-1; > } > C = getAndAdvanceChar(CurPtr, Result); > > Added: cfe/trunk/test/Lexer/null-character-in-literal.c > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto > == > Binary file - no diff available. > > Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c > -- >svn:mime-type = application/octet-stream > > Modified: cfe/trunk/unittests/Lex/LexerTest.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff > == > --- cfe/trunk/unittests/Lex/LexerTest.cpp (original) > +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018 
> @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit > > TEST_F(LexerTest, AvoidPastEndOfStringDereference) { > EXPECT_TRUE(Lex(" // \\\n").empty()); > + EXPECT_TRUE(Lex("#include <").empty()); > + EXPECT_TRUE(Lex("#include <\n").empty()); > } > > TEST_F(LexerTest, StringizingRasString) { > > > ___ > cfe-commits mailing list > cfe-commits@lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r322390 - [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
Author: vsapsai
Date: Fri Jan 12 10:54:35 2018
New Revision: 322390

URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev
Log:
[Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.

Fix makes the loop in LexAngledStringLiteral more like the loops in
LexStringLiteral, LexCharConstant. When we skip a character after
backslash, we need to check if we reached the end of the file instead of
reading the next character unconditionally.

Discovered by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832

rdar://problem/35572754

Reviewers: arphaman, kcc, rsmith, dexonsmith

Reviewed By: rsmith, dexonsmith

Subscribers: cfe-commits, rsmith, dexonsmith

Differential Revision: https://reviews.llvm.org/D41423

Added:
    cfe/trunk/test/Lexer/null-character-in-literal.c (with props)
Modified:
    cfe/trunk/lib/Lex/Lexer.cpp
    cfe/trunk/unittests/Lex/LexerTest.cpp

Modified: cfe/trunk/lib/Lex/Lexer.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff
==
--- cfe/trunk/lib/Lex/Lexer.cpp (original)
+++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018
@@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token const char *AfterLessPos = CurPtr; char C = getAndAdvanceChar(CurPtr, Result); while (C != '>') { -// Skip escaped characters. -if (C == '\\' && CurPtr < BufferEnd) { - // Skip the escaped character. - getAndAdvanceChar(CurPtr, Result); -} else if (C == '\n' || C == '\r' || // Newline. - (C == 0 && (CurPtr-1 == BufferEnd || // End of file. - isCodeCompletionPoint(CurPtr-1 { +// Skip escaped characters. Escaped newlines will already be processed by +// getAndAdvanceChar. +if (C == '\\') + C = getAndAdvanceChar(CurPtr, Result); + +if (C == '\n' || C == '\r' || // Newline. +(C == 0 && (CurPtr-1 == BufferEnd || // End of file. +isCodeCompletionPoint(CurPtr-1 { // If the filename is unterminated, then it must just be a lone < // character. Return this as such. FormTokenWithChars(Result, AfterLessPos, tok::less); return true; -} else if (C == 0) { +} + +if (C == 0) { NulCharacter = CurPtr-1; } C = getAndAdvanceChar(CurPtr, Result); Added: cfe/trunk/test/Lexer/null-character-in-literal.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto == Binary file - no diff available. Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c -- svn:mime-type = application/octet-stream Modified: cfe/trunk/unittests/Lex/LexerTest.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff == --- cfe/trunk/unittests/Lex/LexerTest.cpp (original) +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018 @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit TEST_F(LexerTest, AvoidPastEndOfStringDereference) { EXPECT_TRUE(Lex(" // \\\n").empty()); + EXPECT_TRUE(Lex("#include <").empty()); + EXPECT_TRUE(Lex("#include <\n").empty()); } TEST_F(LexerTest, StringizingRasString) { ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
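Review bot: in the Lexer.cpp hunk, the character read by `C = getAndAdvanceChar(CurPtr, Result);` after a backslash now falls through to the separate `if (C == 0)` check, so a NUL that follows a backslash and is not at BufferEnd sets NulCharacter. The removed code discarded the escaped character and never reached its `else if (C == 0)` arm for it, so this is a behaviour change beyond the bounds fix. If recording an escaped NUL is intended, the comment above `if (C == '\\')` should say so, since it currently mentions only escaped newlines.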
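Review bot: in the LexerTest.cpp hunk, neither string added to AvoidPastEndOfStringDereference (`"#include <"` and `"#include <\n"`) contains a backslash, so these unit cases never reach the rewritten `if (C == '\\')` path in LexAngledStringLiteral. The only other coverage is null-character-in-literal.c, which is listed as a binary file with no diff and cannot be reviewed here. Consider adding a unit case with a backslash inside an unterminated `<` literal, so that the escape handling this change rewrites is exercised by a test that is readable in the diff.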