This is an archive of the discontinued LLVM Phabricator instance.

Differential D26646

Avoid calling std::memcmp with nullptr
ClosedPublic

Authored by vitalybuka on Nov 14 2016, 3:51 PM.

Details

Reviewers
ruiu
zturner
Commits
rG3ee54a693394: Avoid calling std::memcmp with nullptr
rL286910: Avoid calling std::memcmp with nullptr
Summary

UBSAN complains that this is undefined behavior.

We can assume that empty substring (N==1) always satisfy conditions. So
std::memcmp will be called only only for N > 1 and Str.size() > 0.

Diff Detail

Event Timeline

vitalybuka updated this revision to Diff 77903.Nov 14 2016, 3:51 PM
vitalybuka retitled this revision from to Avoid calling std::memcmp with nullptr.
vitalybuka updated this object.
vitalybuka added reviewers: ruiu, zturner.
vitalybuka added a subscriber: llvm-commits.
zturner added inline comments.Nov 14 2016, 3:54 PM
include/llvm/ADT/StringSwitch.h
76

I don't think this second assert is valid. Consider this code:

char dir[MAX_PATH];
sprintf(dir, "%s/%s", parent, child);
auto X = StringSwitch<int>(MyPath).Case(dir, 1);

There is no guarantee what is the value of S[N-1]

ruiu edited edge metadata.Nov 14 2016, 3:57 PM

Do you mean that if it is called with "", such as StartsWith("", foo), S becomes a nullptr?

zturner edited edge metadata.Nov 14 2016, 4:01 PM
In D26646#595108, @ruiu wrote:

Do you mean that if it is called with "", such as StartsWith("", foo), S becomes a nullptr?

Were you asking me? My comment is just saying that string literal is not the only way to invoke this overload. You can invoke it with a char array too, and strlen(char_array) is not guaranteed to be the same as sizeof(char_array) - 1.

ruiu added a comment.Nov 14 2016, 4:03 PM

No, I was asking Vitaly. The commit message says that "Avoid calling std::memcmp with nullptr", but I don't understand how can a nullptr be passed to memcmp.

vitalybuka added a comment.Nov 14 2016, 4:03 PM

If Str is empty then Str.data() will be nullptr

vitalybuka updated this revision to Diff 77909.Nov 14 2016, 4:05 PM
vitalybuka edited edge metadata.

Removed assert(S[N-1] == '\0')

vitalybuka marked an inline comment as done.Nov 14 2016, 4:05 PM
zturner accepted this revision.Nov 14 2016, 4:09 PM
zturner edited edge metadata.
This revision is now accepted and ready to land.Nov 14 2016, 4:09 PM
Closed by commit rL286910: Avoid calling std::memcmp with nullptr (authored by vitalybuka). · Explain WhyNov 14 2016, 4:11 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
include/
llvm/
ADT/
12 lines

Diff 77903

include/llvm/ADT/StringSwitch.h

Show First 20 LinesShow All 66 Lines▼ Show 20 Linespublic:
} }
~StringSwitch() = default; ~StringSwitch() = default;
// Case-sensitive case matchers // Case-sensitive case matchers
template<unsigned N> template<unsigned N>
LLVM_ATTRIBUTE_ALWAYS_INLINE LLVM_ATTRIBUTE_ALWAYS_INLINE
StringSwitch& Case(const char (&S)[N], const T& Value) { StringSwitch& Case(const char (&S)[N], const T& Value) {
assert(N);
assert(S[N-1] == '\0');
zturnerUnsubmitted
Done
ReplyInline Actions

I don't think this second assert is valid. Consider this code:

char dir[MAX_PATH];
sprintf(dir, "%s/%s", parent, child);
auto X = StringSwitch<int>(MyPath).Case(dir, 1);

There is no guarantee what is the value of S[N-1]

zturner: I don't think this second assert is valid. Consider this code: ``` char dir[MAX_PATH]…
if (!Result && N-1 == Str.size() && if (!Result && N-1 == Str.size() &&
(std::memcmp(S, Str.data(), N-1) == 0)) { (N == 1 || std::memcmp(S, Str.data(), N-1) == 0)) {
Result = &Value; Result = &Value;
} }
return *this; return *this;
} }
template<unsigned N> template<unsigned N>
LLVM_ATTRIBUTE_ALWAYS_INLINE LLVM_ATTRIBUTE_ALWAYS_INLINE
StringSwitch& EndsWith(const char (&S)[N], const T &Value) { StringSwitch& EndsWith(const char (&S)[N], const T &Value) {
assert(N);
assert(S[N-1] == '\0');
if (!Result && Str.size() >= N-1 && if (!Result && Str.size() >= N-1 &&
std::memcmp(S, Str.data() + Str.size() + 1 - N, N-1) == 0) { (N == 1 || std::memcmp(S, Str.data() + Str.size() + 1 - N, N-1) == 0)) {
Result = &Value; Result = &Value;
} }
return *this; return *this;
} }
template<unsigned N> template<unsigned N>
LLVM_ATTRIBUTE_ALWAYS_INLINE LLVM_ATTRIBUTE_ALWAYS_INLINE
StringSwitch& StartsWith(const char (&S)[N], const T &Value) { StringSwitch& StartsWith(const char (&S)[N], const T &Value) {
assert(N);
assert(S[N-1] == '\0');
if (!Result && Str.size() >= N-1 && if (!Result && Str.size() >= N-1 &&
std::memcmp(S, Str.data(), N-1) == 0) { (N == 1 || std::memcmp(S, Str.data(), N-1) == 0)) {
Result = &Value; Result = &Value;
} }
return *this; return *this;
} }
template<unsigned N0, unsigned N1> template<unsigned N0, unsigned N1>
LLVM_ATTRIBUTE_ALWAYS_INLINE LLVM_ATTRIBUTE_ALWAYS_INLINE
StringSwitch &Cases(const char (&S0)[N0], const char (&S1)[N1], StringSwitch &Cases(const char (&S0)[N0], const char (&S1)[N1],
▲ Show 20 LinesShow All 152 LinesShow Last 20 Lines