From 3eb041dcd1a89e1aa71edbb87034dae99b52e63c Mon Sep 17 00:00:00 2001
From: Benjamin Kramer
Date: Fri, 1 Apr 2016 09:58:45 +0000
Subject: [PATCH] [Lexer] Don't read out of bounds if a conflict marker is at the end of a file

This can happen as we look for '<<<<' while scanning tokens but then expect '<<<<\n' to tell apart perforce from diff3 conflict markers. Just harden the pointer arithmetic.

Found by libfuzzer + asan!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@265125 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Lex/Lexer.cpp                |  2 +-
 test/Lexer/eof-conflict-marker.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 test/Lexer/eof-conflict-marker.c

diff --git a/lib/Lex/Lexer.cpp b/lib/Lex/Lexer.cpp
index 52146d7033..946f36fb53 100644
--- a/lib/Lex/Lexer.cpp
+++ b/lib/Lex/Lexer.cpp
@@ -2610,7 +2610,7 @@ static const char *FindConflictEnd(const char *CurPtr, const char *BufferEnd,
                                    ConflictMarkerKind CMK) {
   const char *Terminator = CMK == CMK_Perforce ? "<<<<\n" : ">>>>>>>";
   size_t TermLen = CMK == CMK_Perforce ? 5 : 7;
-  StringRef RestOfBuffer(CurPtr+TermLen, BufferEnd-CurPtr-TermLen);
+  auto RestOfBuffer = StringRef(CurPtr, BufferEnd - CurPtr).substr(TermLen);
   size_t Pos = RestOfBuffer.find(Terminator);
   while (Pos != StringRef::npos) {
     // Must occur at start of line.
diff --git a/test/Lexer/eof-conflict-marker.c b/test/Lexer/eof-conflict-marker.c
new file mode 100644
index 0000000000..e0c35401cc
--- /dev/null
+++ b/test/Lexer/eof-conflict-marker.c
@@ -0,0 +1,11 @@
+// RUN: %clang_cc1 %s -verify -fsyntax-only
+// vim: set binary noeol:
+
+// This file intentionally ends without a \n on the last line. Make sure your
+// editor doesn't add one.
+
+>>>> ORIGINAL
+// expected-error@-1 {{version control conflict marker in file}}
+<<<<
+// expected-error@-1 {{expected identifier or '('}}
+<<<<
\ No newline at end of file
-- 
2.50.1
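Review bot: The hardening on the added `RestOfBuffer` line is correct only because `StringRef::substr` clamps its start offset to the view's size, and nothing in the hunk says so; a later cleanup back to the two-argument constructor would silently reintroduce the out-of-bounds read the commit fixes, so I would add `// substr() clamps to the buffer, so a marker cut off by BufferEnd yields an empty range instead of a pointer past the end.` above it. It also still requires `CurPtr <= BufferEnd` for `BufferEnd - CurPtr` to be meaningful, which I assume the callers guarantee but which the function does not assert. As a point of style, `TermLen` duplicates the length of the `Terminator` literal chosen on the line above; deriving it (for example `size_t TermLen = strlen(Terminator);`, or holding `Terminator` as a `StringRef` and using `.size()`) keeps the two from drifting apart if another marker kind is added. FindConflictEnd begins in the hunk header and continues past the end of the hunk, and the new test appears to exercise only the Perforce terminator path.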