Hans,

I am nominating this change to be merged into the 6.0.0 release branch.

Thanks,
Volodymyr
> On Jan 12, 2018, at 10:54, Volodymyr Sapsai via cfe-commits > <cfe-commits@lists.llvm.org> wrote: > > Author: vsapsai > Date: Fri Jan 12 10:54:35 2018 > New Revision: 322390 > > URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev > Log: > [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral. > > Fix makes the loop in LexAngledStringLiteral more like the loops in > LexStringLiteral, LexCharConstant. When we skip a character after > backslash, we need to check if we reached the end of the file instead of > reading the next character unconditionally. > > Discovered by OSS-Fuzz: > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832 > > rdar://problem/35572754 > > Reviewers: arphaman, kcc, rsmith, dexonsmith > > Reviewed By: rsmith, dexonsmith > > Subscribers: cfe-commits, rsmith, dexonsmith > > Differential Revision: https://reviews.llvm.org/D41423 > > Added: > cfe/trunk/test/Lexer/null-character-in-literal.c (with props) > Modified: > cfe/trunk/lib/Lex/Lexer.cpp > cfe/trunk/unittests/Lex/LexerTest.cpp > > Modified: cfe/trunk/lib/Lex/Lexer.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff > ============================================================================== > --- cfe/trunk/lib/Lex/Lexer.cpp (original) > +++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018 
> @@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token > const char *AfterLessPos = CurPtr; > char C = getAndAdvanceChar(CurPtr, Result); > while (C != '>') { > - // Skip escaped characters. > - if (C == '\\' && CurPtr < BufferEnd) { > - // Skip the escaped character. > - getAndAdvanceChar(CurPtr, Result); > - } else if (C == '\n' || C == '\r' || // Newline. > - (C == 0 && (CurPtr-1 == BufferEnd || // End of file. > - isCodeCompletionPoint(CurPtr-1)))) { > + // Skip escaped characters. Escaped newlines will already be processed > by > + // getAndAdvanceChar. > + if (C == '\\') > + C = getAndAdvanceChar(CurPtr, Result); > + > + if (C == '\n' || C == '\r' || // Newline. > + (C == 0 && (CurPtr-1 == BufferEnd || // End of file. > + isCodeCompletionPoint(CurPtr-1)))) { > // If the filename is unterminated, then it must just be a lone < > // character. Return this as such. > FormTokenWithChars(Result, AfterLessPos, tok::less); > return true; > - } else if (C == 0) { > + } > + > + if (C == 0) { > NulCharacter = CurPtr-1; > } > C = getAndAdvanceChar(CurPtr, Result); > > Added: cfe/trunk/test/Lexer/null-character-in-literal.c > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto > ============================================================================== > Binary file - no diff available. > > Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c > ------------------------------------------------------------------------------ > svn:mime-type = application/octet-stream > > Modified: cfe/trunk/unittests/Lex/LexerTest.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff > ============================================================================== > --- cfe/trunk/unittests/Lex/LexerTest.cpp (original) > +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018 
> @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit > > TEST_F(LexerTest, AvoidPastEndOfStringDereference) { > EXPECT_TRUE(Lex(" // \\\n").empty()); > + EXPECT_TRUE(Lex("#include <\\\\").empty()); > + EXPECT_TRUE(Lex("#include <\\\\\n").empty()); > } > > TEST_F(LexerTest, StringizingRasString) { > > > _______________________________________________ > cfe-commits mailing list > cfe-commits@lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
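Review bot: in the Lexer.cpp hunk, the character read after a backslash now falls through to the new `if (C == 0)` and is recorded in NulCharacter, where the removed else-if chain skipped the escaped character without examining it. The log message describes only the end-of-file check, and the added null-character-in-literal.c is a binary file with no visible diff, so please state in the log or in the comment above `if (C == '\\')` that a NUL following a backslash inside the buffer is now handled like an unescaped one.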
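Review bot: in the LexerTest.cpp hunk, the two added `EXPECT_TRUE(Lex(...).empty())` lines assert only that lexing produces no tokens, so an out-of-bounds read in LexAngledStringLiteral would make them fail only when the unit tests run under a memory sanitizer. A one-line comment in AvoidPastEndOfStringDereference saying so would help, and a case with a NUL after the backslash in `#include <` would cover the changed `if (C == 0)` path in the unit test rather than only in the binary lit test.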