Commit d8f5d67c authored by Hans Wennborg's avatar Hans Wennborg
Browse files

Merging r322390: 

------------------------------------------------------------------------
r322390 | vsapsai | 2018-01-12 10:54:35 -0800 (Fri, 12 Jan 2018) | 20 lines

[Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.

Fix makes the loop in LexAngledStringLiteral more like the loops in
LexStringLiteral, LexCharConstant. When we skip a character after
backslash, we need to check if we reached the end of the file instead of
reading the next character unconditionally.

Discovered by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832

rdar://problem/35572754

Reviewers: arphaman, kcc, rsmith, dexonsmith

Reviewed By: rsmith, dexonsmith

Subscribers: cfe-commits, rsmith, dexonsmith

Differential Revision: https://reviews.llvm.org/D41423

------------------------------------------------------------------------

llvm-svn: 322649
parent 8f38b5ed

clang/lib/Lex/Lexer.cpp

+11 −8
Original line number Diff line number Diff line
@@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token &Result, const char *CurPtr) { 
  const char *AfterLessPos = CurPtr;

  char C = getAndAdvanceChar(CurPtr, Result);

  while (C != '>') {

    // Skip escaped characters.

    if (C == '\\' && CurPtr < BufferEnd) {

      // Skip the escaped character.

      getAndAdvanceChar(CurPtr, Result);

    } else if (C == '\n' || C == '\r' ||             // Newline.

    // Skip escaped characters.  Escaped newlines will already be processed by

    // getAndAdvanceChar.

    if (C == '\\')

      C = getAndAdvanceChar(CurPtr, Result);



    if (C == '\n' || C == '\r' ||             // Newline.

        (C == 0 && (CurPtr-1 == BufferEnd ||  // End of file.

                    isCodeCompletionPoint(CurPtr-1)))) {

      // If the filename is unterminated, then it must just be a lone <

      // character.  Return this as such.

      FormTokenWithChars(Result, AfterLessPos, tok::less);

      return true;

    } else if (C == 0) {

    }



    if (C == 0) {

      NulCharacter = CurPtr-1;

    }

    C = getAndAdvanceChar(CurPtr, Result);

clang/test/Lexer/null-character-in-literal.c

0 → 100644
+917 B

File added.

No diff preview for this file type.

View file

clang/unittests/Lex/LexerTest.cpp

+2 −0
Original line number Diff line number Diff line
@@ -476,6 +476,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWithEscapedNewLine) { 
TEST_F(LexerTest, AvoidPastEndOfStringDereference) {

  std::vector<Token> LexedTokens = Lex("  //  \\\n");

  EXPECT_TRUE(LexedTokens.empty());

  EXPECT_TRUE(Lex("#include <\\\\").empty());

  EXPECT_TRUE(Lex("#include <\\\\\n").empty());

}



TEST_F(LexerTest, StringizingRasString) {