This is an archive of the discontinued LLVM Phabricator instance.

Differential D94950

[clang][lex] Speculative fix for buffer overrun on raw string parse
ClosedPublic

Authored by jansvoboda11 on Jan 19 2021, 12:33 AM.

Details

Reviewers
beccadax
Commits
rG23cc8ebf59c6: [clang][lex] Speculative fix for buffer overrun on raw string parse
Summary

This attempts to fix a (non-deterministic) buffer overrun when parsing raw string literals during modular build.

Similar fix to 4e5b5c36f47c9a406ea7f6b4f89fae477693973a.

Diff Detail

Event Timeline

jansvoboda11 requested review of this revision.Jan 19 2021, 12:33 AM
jansvoboda11 created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJan 19 2021, 12:33 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
jansvoboda11 added a reviewer: beccadax.Jan 19 2021, 12:34 AM
Harbormaster completed remote builds in B85674: Diff 317472.Jan 19 2021, 1:14 AM
jansvoboda11 retitled this revision from [clang] Speculative fix for buffer overrun on raw string parse to [clang][lex] Speculative fix for buffer overrun on raw string parse.Jan 26 2021, 11:59 PM
beccadax accepted this revision.Feb 23 2021, 1:58 PM

Looks good. Thanks for implementing this!

clang/lib/Lex/LiteralSupport.cpp
1651–1652

In your shoes, I would also have promoted this to a real check, but if you think that's overkill I'm fine with leaving it as it is.

This revision is now accepted and ready to land.Feb 23 2021, 1:58 PM
beccadax added inline comments.Feb 23 2021, 2:05 PM
clang/lib/Lex/LiteralSupport.cpp
1643

Nit: "16" is a magic number; it might be better to use a constant or comment to document its significance (raw strings can only have 16-character delimiters).

(I believe this is C++11 [lex.string]p2, but I've never written one of the citation comments you see in clang, so I'm not sure if you should cite a later standard.)

jansvoboda11 updated this revision to Diff 330647.Mar 15 2021, 7:10 AM

Implement suggested improvements

clang/lib/Lex/LiteralSupport.cpp
1643

Good point on the magic number, I'm going to extract that.

I'll check how the citations are written and add one here.

1651–1652

I think that's sensible, thanks!

This revision was landed with ongoing or failed builds.Mar 15 2021, 7:15 AM
Closed by commit rG23cc8ebf59c6: [clang][lex] Speculative fix for buffer overrun on raw string parse (authored by jansvoboda11). · Explain Why
This revision was automatically updated to reflect the committed changes.
jansvoboda11 added a commit: rG23cc8ebf59c6: [clang][lex] Speculative fix for buffer overrun on raw string parse.
Harbormaster completed remote builds in B93807: Diff 330647.Mar 15 2021, 7:51 AM

Revision Contents

PathSize
clang/
lib/
Lex/
16 lines

Diff 330650

clang/lib/Lex/LiteralSupport.cpp

Show First 20 LinesShow All 1,622 Lines▼ Show 20 Lines if (ThisTokBuf[0] == 'L' || ThisTokBuf[0] == 'u' || ThisTokBuf[0] == 'U') {
++ThisTokBuf; ++ThisTokBuf;
// Skip 8 of u8 marker for utf8 strings. // Skip 8 of u8 marker for utf8 strings.
if (ThisTokBuf[0] == '8') if (ThisTokBuf[0] == '8')
++ThisTokBuf; ++ThisTokBuf;
} }
// Check for raw string // Check for raw string
if (ThisTokBuf[0] == 'R') { if (ThisTokBuf[0] == 'R') {
if (ThisTokBuf[1] != '"') {
// The file may have come from PCH and then changed after loading the
// PCH; Fail gracefully.
return DiagnoseLexingError(StringToks[i].getLocation());
}
ThisTokBuf += 2; // skip R" ThisTokBuf += 2; // skip R"
// C++11 [lex.string]p2: A `d-char-sequence` shall consist of at most 16
// characters.
constexpr unsigned MaxRawStrDelimLen = 16;
const char *Prefix = ThisTokBuf; const char *Prefix = ThisTokBuf;
while (ThisTokBuf[0] != '(') while (ThisTokBuf - Prefix < MaxRawStrDelimLen && ThisTokBuf[0] != '(')
beccadaxUnsubmitted
Not Done
ReplyInline Actions

Nit: "16" is a magic number; it might be better to use a constant or comment to document its significance (raw strings can only have 16-character delimiters).

(I believe this is C++11 [lex.string]p2, but I've never written one of the citation comments you see in clang, so I'm not sure if you should cite a later standard.)

beccadax: Nit: "16" is a magic number; it might be better to use a constant or comment to document its…
jansvoboda11AuthorUnsubmitted
Done
ReplyInline Actions

Good point on the magic number, I'm going to extract that.

I'll check how the citations are written and add one here.

jansvoboda11: Good point on the magic number, I'm going to extract that. I'll check how the citations are…
++ThisTokBuf; ++ThisTokBuf;
if (ThisTokBuf[0] != '(')
return DiagnoseLexingError(StringToks[i].getLocation());
++ThisTokBuf; // skip '(' ++ThisTokBuf; // skip '('
// Remove same number of characters from the end // Remove same number of characters from the end
ThisTokEnd -= ThisTokBuf - Prefix; ThisTokEnd -= ThisTokBuf - Prefix;
assert(ThisTokEnd >= ThisTokBuf && "malformed raw string literal"); if (ThisTokEnd < ThisTokBuf)
return DiagnoseLexingError(StringToks[i].getLocation());
beccadaxUnsubmitted
Not Done
ReplyInline Actions
ThisTokEnd -= ThisTokBuf - Prefix;
- assert(ThisTokEnd >= ThisTokBuf && "malformed raw string literal");
+ if (ThisTokEnd >= ThisTokBuf)
+ return DiagnoseLexingError(StringToks[i].getLocation());
// C++14 [lex.string]p4: A source-file new-line in a raw string literal

In your shoes, I would also have promoted this to a real check, but if you think that's overkill I'm fine with leaving it as it is.

beccadax: In your shoes, I would also have promoted this to a real check, but if you think that's…
jansvoboda11AuthorUnsubmitted
Done
ReplyInline Actions

I think that's sensible, thanks!

jansvoboda11: I think that's sensible, thanks!
// C++14 [lex.string]p4: A source-file new-line in a raw string literal // C++14 [lex.string]p4: A source-file new-line in a raw string literal
// results in a new-line in the resulting execution string-literal. // results in a new-line in the resulting execution string-literal.
StringRef RemainingTokenSpan(ThisTokBuf, ThisTokEnd - ThisTokBuf); StringRef RemainingTokenSpan(ThisTokBuf, ThisTokEnd - ThisTokBuf);
while (!RemainingTokenSpan.empty()) { while (!RemainingTokenSpan.empty()) {
// Split the string literal on \r\n boundaries. // Split the string literal on \r\n boundaries.
size_t CRLFPos = RemainingTokenSpan.find("\r\n"); size_t CRLFPos = RemainingTokenSpan.find("\r\n");
StringRef BeforeCRLF = RemainingTokenSpan.substr(0, CRLFPos); StringRef BeforeCRLF = RemainingTokenSpan.substr(0, CRLFPos);
▲ Show 20 LinesShow All 269 LinesShow Last 20 Lines