Author: arphaman Date: Fri Oct 13 18:18:30 2017 New Revision: 315785 URL: http://llvm.org/viewvc/llvm-project?rev=315785&view=rev Log: [Lex] Avoid out-of-bounds dereference in SkipLineComment
Credit to OSS-Fuzz for discovery: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3145 rdar://34526482 Modified: cfe/trunk/lib/Lex/Lexer.cpp cfe/trunk/unittests/Lex/LexerTest.cpp Modified: cfe/trunk/lib/Lex/Lexer.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=315785&r1=315784&r2=315785&view=diff ==============================================================================
--- cfe/trunk/lib/Lex/Lexer.cpp (original)
+++ cfe/trunk/lib/Lex/Lexer.cpp Fri Oct 13 18:18:30 2017
@@ -2144,7 +2144,8 @@ bool Lexer::SkipLineComment(Token &Resul
 // If we read multiple characters, and one of those characters was a \r or
 // \n, then we had an escaped newline within the comment. Emit diagnostic
 // unless the next line is also a // comment.
- if (CurPtr != OldPtr+1 && C != '/' && CurPtr[0] != '/') {
+ if (CurPtr != OldPtr + 1 && C != '/' &&
+ (CurPtr == BufferEnd + 1 || CurPtr[0] != '/')) {
 for (; OldPtr != CurPtr; ++OldPtr)
 if (OldPtr[0] == '\n' || OldPtr[0] == '\r') {
 // Okay, we found a // comment that ends in a newline, if the next
Modified: cfe/trunk/unittests/Lex/LexerTest.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=315785&r1=315784&r2=315785&view=diff ==============================================================================
--- cfe/trunk/unittests/Lex/LexerTest.cpp (original)
+++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Oct 13 18:18:30 2017
@@ -473,4 +473,9 @@ TEST_F(LexerTest, GetBeginningOfTokenWit
 }
 }
 
+TEST_F(LexerTest, AvoidPastEndOfStringDereference) {
+ std::vector<Token> LexedTokens = Lex(" // \\\n");
+ EXPECT_TRUE(LexedTokens.empty());
+}
+
 } // anonymous namespace
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
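Review bot: In Lexer.cpp the added clause `CurPtr == BufferEnd + 1` carries no comment explaining why the pointer can sit one past `BufferEnd`, and the condition alone does not make that obvious. Presumably the escaped-newline read consumes the buffer terminator when the comment is the last thing in the input, which is the shape of the string the new unit test feeds in. I would add above the `if`: `// CurPtr may be one past BufferEnd if the escaped newline ended the buffer; do not read CurPtr[0] then.` The guard is an exact equality, so it relies on CurPtr never advancing further than that; SkipLineComment starts and ends outside the hunk, so that invariant cannot be confirmed from here.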
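Review bot: In LexerTest.cpp, `EXPECT_TRUE(LexedTokens.empty())` checks only the resulting token list, so AvoidPastEndOfStringDereference would likely still pass with the one-byte over-read present unless the suite runs under a memory sanitizer. A comment on the test should say so, for example `// Regression test for OSS-Fuzz issue 3145; the over-read is only detectable under ASan.` The patched loop in Lexer.cpp looks for both '\n' and '\r', so a second input ending in a backslash followed by `\r\n` would cover the other newline form. How the `Lex` helper allocates its buffer is not visible in this hunk, so whether the read is observable without a sanitizer is an assumption.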