This is an archive of the discontinued LLVM Phabricator instance.

Differential D6151

Fix invalid memory access in llvm-mc if file ends in non-newline whitespace or comma
ClosedPublic

Authored by colinl on Nov 6 2014, 12:30 PM.

Details

Reviewers
rafael
Summary

Str may be empty after .find_first_not_of(" \t\r,") and the following Str[0] accesses invalid memory.

Diff Detail

Event Timeline

colinl updated this revision to Diff 15886.Nov 6 2014, 12:30 PM
colinl retitled this revision from to Fix invalid memory access in llvm-mc if file ends in non-newline whitespace or comma.
colinl updated this object.
colinl edited the test plan for this revision. (Show Details)
colinl set the repository for this revision to rL LLVM.
colinl added a subscriber: Unknown Object (MLST).
rafael added a subscriber: rafael.Nov 6 2014, 1:24 PM

Don't we also have to handle npos?

colinl added a comment.Nov 6 2014, 1:39 PM

It looks like substr accepts npos as a start and returns the empty string

/ \param Start The index of the starting character in the substring; if
/ the index is npos or greater than the length of the string then the
/// empty substring will be returned.

rafael added a subscriber: t.p.northover.Nov 6 2014, 1:56 PM
rafael added a comment.Nov 6 2014, 2:04 PM

I find the code a bit hard to read as written.

can we rewrite it to be just a series of "if (not interesting) { eat; continue to see if there is more;}"? Something like

static bool SkipToToken(StringRef &Str) {

for (;;) {
  if (Str.empty())
    return false;

  // Strip horizontal whitespace and commas.                                   
  if (size_t Pos = Str.find_first_not_of(" \t\r,")) {
    Str = Str.substr(Pos);
    continue;
  }

  if (Str[0] == '#') {
    Str = Str.substr(Str.find_first_of('\n'));
    continue;
  }

  if (Str[0] == '\n') {
    Str = Str.substr(1);
    continue;
  }

  return true;
}

}

colinl updated this revision to Diff 15899.Nov 6 2014, 3:48 PM

Agreed that loop is a little difficult.

It looks like we can also move the check for '\n' in to the find_first_not_of check.

colinl added a reviewer: rafael.Nov 7 2014, 11:26 AM
colinl added a comment.Nov 10 2014, 8:43 AM

If this looks good I'll submit it.

rafael accepted this revision.Nov 10 2014, 10:30 AM
rafael edited edge metadata.

LGTM

This revision is now accepted and ready to land.Nov 10 2014, 10:30 AM
colinl closed this revision.Nov 13 2014, 8:43 AM

Submitted.

Revision Contents

PathSize
test/
tools/
llvm-mc/
line_end_with_space.test
line_end_with_space.test (revision 0)
2 lines
tools/
llvm-mc/
Disassembler.cpp
Disassembler.cpp (revision 221463)
24 lines

Diff 15899

test/tools/llvm-mc/line_end_with_space.test

RUN: llvm-mc -disassemble %s
No newline at end of file

tools/llvm-mc/Disassembler.cpp

Context not available.
} }
static bool SkipToToken(StringRef &Str) { static bool SkipToToken(StringRef &Str) {
while (!Str.empty() && Str.find_first_not_of(" \t\r\n#,") != 0) { for (;;) {
if (Str.empty())
return false;
// Strip horizontal whitespace and commas. // Strip horizontal whitespace and commas.
if (size_t Pos = Str.find_first_not_of(" \t\r,")) { if (size_t Pos = Str.find_first_not_of(" \t\r\n,")) {
Str = Str.substr(Pos); Str = Str.substr(Pos);
continue;
} }
// If this is the end of a line or start of a comment, remove the rest of // If this is the start of a comment, remove the rest of the line.
// the line. if (Str[0] == '#') {
if (Str[0] == '\n' || Str[0] == '#') {
// Strip to the end of line if we already processed any bytes on this
// line. This strips the comment and/or the \n.
if (Str[0] == '\n') {
Str = Str.substr(1);
} else {
Str = Str.substr(Str.find_first_of('\n')); Str = Str.substr(Str.find_first_of('\n'));
if (!Str.empty())
Str = Str.substr(1);
}
continue; continue;
} }
return true;
} }
return !Str.empty();
} }
Context not available.