Merged in r322649. (Richard, please shout if you object to the merging; I figured since you lgtm'ed it, this would be fine.)
On Fri, Jan 12, 2018 at 8:43 PM, Volodymyr Sapsai <vsap...@apple.com> wrote:
> Hans, I am nominating this change to be merged into 6.0.0 release branch.
>
> Thanks,
> Volodymyr
>
>> On Jan 12, 2018, at 10:54, Volodymyr Sapsai via cfe-commits
>> <cfe-commits@lists.llvm.org> wrote:
>>
>> Author: vsapsai
>> Date: Fri Jan 12 10:54:35 2018
>> New Revision: 322390
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev
>> Log:
>> [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
>>
>> Fix makes the loop in LexAngledStringLiteral more like the loops in
>> LexStringLiteral, LexCharConstant. When we skip a character after
>> backslash, we need to check if we reached the end of the file instead of
>> reading the next character unconditionally.
>>
>> Discovered by OSS-Fuzz:
>> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832
>>
>> rdar://problem/35572754
>>
>> Reviewers: arphaman, kcc, rsmith, dexonsmith
>>
>> Reviewed By: rsmith, dexonsmith
>>
>> Subscribers: cfe-commits, rsmith, dexonsmith
>>
>> Differential Revision: https://reviews.llvm.org/D41423
>>
>> Added:
>> cfe/trunk/test/Lexer/null-character-in-literal.c (with props)
>> Modified:
>> cfe/trunk/lib/Lex/Lexer.cpp
>> cfe/trunk/unittests/Lex/LexerTest.cpp
>>
>> Modified: cfe/trunk/lib/Lex/Lexer.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/Lex/Lexer.cpp (original) >> +++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018
>> @@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token >> const char *AfterLessPos = CurPtr; >> char C = getAndAdvanceChar(CurPtr, Result); >> while (C != '>') { >> - // Skip escaped characters. >> - if (C == '\\' && CurPtr < BufferEnd) { >> - // Skip the escaped character. >> - getAndAdvanceChar(CurPtr, Result); >> - } else if (C == '\n' || C == '\r' || // Newline. >> - (C == 0 && (CurPtr-1 == BufferEnd || // End of file. >> - isCodeCompletionPoint(CurPtr-1)))) { >> + // Skip escaped characters. Escaped newlines will already be processed >> by >> + // getAndAdvanceChar. >> + if (C == '\\') >> + C = getAndAdvanceChar(CurPtr, Result); >> + >> + if (C == '\n' || C == '\r' || // Newline. >> + (C == 0 && (CurPtr-1 == BufferEnd || // End of file. >> + isCodeCompletionPoint(CurPtr-1)))) { >> // If the filename is unterminated, then it must just be a lone < >> // character. Return this as such. >> FormTokenWithChars(Result, AfterLessPos, tok::less); >> return true; >> - } else if (C == 0) { >> + } >> + >> + if (C == 0) { >> NulCharacter = CurPtr-1; >> } >> C = getAndAdvanceChar(CurPtr, Result); >> >> Added: cfe/trunk/test/Lexer/null-character-in-literal.c >> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto >> ============================================================================== >> Binary file - no diff available. >> >> Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c >> ------------------------------------------------------------------------------ >> svn:mime-type = application/octet-stream >> >> Modified: cfe/trunk/unittests/Lex/LexerTest.cpp >> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff >> ============================================================================== >> --- cfe/trunk/unittests/Lex/LexerTest.cpp (original) >> +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018 
>> @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit >> >> TEST_F(LexerTest, AvoidPastEndOfStringDereference) { >> EXPECT_TRUE(Lex(" // \\\n").empty()); >> + EXPECT_TRUE(Lex("#include <\\\\").empty()); >> + EXPECT_TRUE(Lex("#include <\\\\\n").empty()); >> } >> >> TEST_F(LexerTest, StringizingRasString) { >> >> >> _______________________________________________ >> cfe-commits mailing list >> cfe-commits@lists.llvm.org >> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
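
Review bot: in the Lexer.cpp hunk, the new `if (C == '\\')` branch drops the old `CurPtr < BufferEnd` guard and depends on the end-of-file test that follows it to stop the loop, but the comment only mentions escaped newlines. Please extend the comment to say that the character read after the backslash is deliberately passed through the newline and end-of-file checks below, so a later cleanup does not turn the second `if` back into an `else if`. The same restructuring means an escaped NUL now reaches `NulCharacter = CurPtr-1;`, where the old code skipped it unexamined; if that is intended, it deserves a word in the comment or the log. Minor style point: the new `if (C == 0) {` keeps braces around a single statement while the `if (C == '\\')` above it has none.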
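
Review bot: in the LexerTest.cpp hunk, both added cases in `AvoidPastEndOfStringDereference` use a doubled backslash (`"#include <\\\\"` with and without a trailing `\n`), and both assert only that the token list is `.empty()`. Consider adding the single trailing backslash case, `Lex("#include <\\")`, so the path where the escaped character is itself the end of the buffer is exercised directly. Since the assertions look only at the returned tokens, a read past the buffer would most likely show up only when the unit tests run under a sanitizer; a short comment on the test saying so would help readers understand what it guards against.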