https://github.com/DavidKorczynski created https://github.com/llvm/llvm-project/pull/77703
OSS-Fuzz has reported for a bit of time (since early 2020) a couple of NULL dereferences due to the Info reference becoming a reference to a NULL pointer. Am not entirely sure if this is the desired fix since NULL checking on reference may not be considered a great practice, but am submitting for review in case it's acceptable. Fixes: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20946 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20938 >From a5381b9a29ba20f22499307a1303ba61dffc0a50 Mon Sep 17 00:00:00 2001 From: David Korczynski <da...@adalogics.com> Date: Wed, 10 Jan 2024 15:35:04 -0800 Subject: [PATCH] [Clang][Sema] Fix NULL dereferences for invalid references OSS-Fuzz has reported for a bit of time (since early 2020) a couple of NULL dereferences due to the Info reference becoming a reference to a NULL pointer. Am not entirely sure if this is the desired fix since NULL checking on reference may not be considered a great practice, but am submitting for review in case it's acceptable. Fixes: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20946 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20938 Signed-off-by: David Korczynski <da...@adalogics.com> --- clang/include/clang/Sema/ParsedAttr.h | 7 ++++++- clang/lib/Sema/SemaType.cpp | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/clang/include/clang/Sema/ParsedAttr.h b/clang/include/clang/Sema/ParsedAttr.h index 8c0edca1ebc5ee..70877f8c45cec2 100644 --- a/clang/include/clang/Sema/ParsedAttr.h +++ b/clang/include/clang/Sema/ParsedAttr.h @@ -342,7 +342,12 @@ class ParsedAttr final return IsProperty; } - bool isInvalid() const { return Invalid; } + bool isInvalid() const { + if (&Info == NULL) { + Invalid = true; + } + return Invalid; + } void setInvalid(bool b = true) const { Invalid = b; } bool hasProcessingCache() const { return HasProcessingCache; } 
diff --git a/clang/lib/Sema/SemaType.cpp b/clang/lib/Sema/SemaType.cpp index a376f20fa4f4e0..40abb3a197faa5 100644 --- a/clang/lib/Sema/SemaType.cpp +++ b/clang/lib/Sema/SemaType.cpp @@ -4240,6 +4240,9 @@ IdentifierInfo *Sema::getNSErrorIdent() { /// attribute list. static bool hasNullabilityAttr(const ParsedAttributesView &attrs) { for (const ParsedAttr &AL : attrs) { + if (AL.isInvalid()) { + continue; + } if (AL.getKind() == ParsedAttr::AT_TypeNonNull || AL.getKind() == ParsedAttr::AT_TypeNullable || AL.getKind() == ParsedAttr::AT_TypeNullableResult || _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
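Review bot: In the ParsedAttr.h hunk, `if (&Info == NULL)` tests the address of a reference member, and the compiler is entitled to assume a reference is never bound to null and fold that branch away, so the check may not run in the optimized builds OSS-Fuzz exercises. The description already identifies the root cause as the Info reference being bound to a null pointer, so the guard belongs at the construction site that produces that reference (check the pointer before binding it, or reject the attribute there) rather than in an accessor. If a guard in `isInvalid()` is kept for review, it should at least use `nullptr` per LLVM style and the single-statement body should drop its braces.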
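Review bot: In the SemaType.cpp hunk, `hasNullabilityAttr` now skips any attribute whose `isInvalid()` returns true, and with the accompanying ParsedAttr.h change that query also sets `Invalid` as a side effect, so a read-only predicate named `has...` silently mutates attribute state while iterating. Either the skip should only apply to attributes already marked invalid, or the invalidation should happen once at the point the attribute is created. The diffstat shows two files changed and no test, so the two OSS-Fuzz reproducers linked in the description should be added as regression tests in the patch.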