Quuxplusone / LLVMBugzillaTest


Buffer overrun in clang::TextDiagnostic::emitSnippetAndCaret when source contains raw NUL #14829

Open Quuxplusone opened 11 years ago

Quuxplusone commented 11 years ago
Bugzilla Link: PR14829
Status: NEW
Importance: P normal
Reported by: Rudolf Polzer (divverent@xonotic.org)
Reported on: 2013-01-07 04:40:01 -0800
Last modified on: 2018-10-25 20:11:58 -0700
Version: 3.1
Hardware: PC Linux
CC: llvm-bugs@lists.llvm.org, rafael@espindo.la, richard-llvm@metafoo.co.uk
Fixed by commit(s):
Attachments: x.c (143 bytes, text/x-csrc)
Blocks:
Blocked by:
See also:
Created attachment 9823
Test program with an embedded NUL

When compiling the attached test program, clang segfaults like this:

[rpolzer@nb-04 tmp]$ clang x.c
x.c:1:34: warning: null character(s) preserved in string literal
      [-Wnull-character]
0  libLLVM-3.1.so  0x00007f5a86d6563f
1  libLLVM-3.1.so  0x00007f5a86d65aa9
2  libpthread.so.0 0x00007f5a860a41a0
3  clang           0x000000000062e80c
clang::TextDiagnostic::emitSnippetAndCaret(clang::SourceLocation,
clang::DiagnosticsEngine::Level,
llvm::SmallVectorImpl<clang::CharSourceRange>&,
llvm::ArrayRef<clang::FixItHint>) + 2524
4  clang           0x0000000000625772
clang::DiagnosticRenderer::emitMacroExpansionsAndCarets(clang::SourceLocation,
clang::DiagnosticsEngine::Level,
llvm::SmallVectorImpl<clang::CharSourceRange>&,
llvm::ArrayRef<clang::FixItHint>, unsigned int&, unsigned int) + 82
5  clang           0x00000000006252d9
clang::DiagnosticRenderer::emitDiagnostic(clang::SourceLocation,
clang::DiagnosticsEngine::Level, llvm::StringRef,
llvm::ArrayRef<clang::CharSourceRange>, llvm::ArrayRef<clang::FixItHint>,
llvm::PointerUnion<clang::Diagnostic const*, clang::StoredDiagnostic const*>) +
697
6  clang           0x000000000061895c
clang::TextDiagnosticPrinter::HandleDiagnostic(clang::DiagnosticsEngine::Level,
clang::Diagnostic const&) + 1100
7  clang           0x0000000000f374b1
clang::DiagnosticIDs::ProcessDiag(clang::DiagnosticsEngine&) const + 385
8  clang           0x0000000000f31dd4
clang::DiagnosticsEngine::EmitCurrentDiagnostic() + 20
9  clang           0x0000000000eeed42
clang::Lexer::LexStringLiteral(clang::Token&, char const*,
clang::tok::TokenKind) + 258
10 clang           0x0000000000ef01dd
clang::Lexer::LexTokenInternal(clang::Token&) + 3597
11 clang           0x0000000000832a20
12 clang           0x00000000008353f0
clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&,
clang::Parser::ParsedTemplateInfo const&) + 432
13 clang           0x000000000083a92b
clang::Parser::ParseDeclGroup(clang::Parser::ParsingDeclSpec&, unsigned int,
bool, clang::SourceLocation*, clang::Parser::ForRangeInit*) + 331
14 clang           0x000000000082d028
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsingDeclSpec&,
clang::AccessSpecifier) + 152
15 clang           0x000000000082d745
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&,
clang::AccessSpecifier) + 773
16 clang           0x000000000082f86f
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::Parser::ParsingDeclSpec*) + 3247
17 clang           0x000000000082fb6f
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) + 191
18 clang           0x0000000000827e6d clang::ParseAST(clang::Sema&, bool, bool)
+ 285
19 clang           0x00000000005d7096
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 262
20 clang           0x00000000005c0402
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1042
21 clang           0x00000000005b9a23 cc1_main(char const**, char const**, char
const*, void*) + 9091
22 clang           0x00000000005b6b61 main + 7009
23 libc.so.6       0x00007f5a857f7725 __libc_start_main + 245
24 clang           0x00000000005b753d
Stack dump:
0.  Program arguments: /usr/bin/clang -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -main-file-name x.c -mrelocation-model static -mdisable-fp-elim -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-linker-version 2.23.1 -momit-leaf-frame-pointer -resource-dir /usr/bin/../lib/clang/3.1 -fmodule-cache-path /var/tmp/clang-module-cache -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/clang/3.1/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdebug-compilation-dir /tmp -ferror-limit 19 -fmessage-length 80 -mstackrealign -fgnu-runtime -fobjc-runtime-has-arc -fobjc-runtime-has-weak -fobjc-fragile-abi -fdiagnostics-show-option -fcolor-diagnostics -o /tmp/x-F3STib.o -x c x.c
1.  <unknown> parser at unknown location
clang: error: unable to execute command: Segmentation fault (core dumped)
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
clang: note: diagnostic msg: Please submit a bug report to
http://llvm.org/bugs/ and include command line arguments and all diagnostic
information.
clang: error: unable to execute command: Segmentation fault (core dumped)
clang: note: diagnostic msg: Error generating preprocessed source(s).

Making the program shorter shows:

[rpolzer@nb-04 tmp]$ clang x.c
x.c:1:34: warning: null character(s) preserved in string literal [-Wnull-character]
const char foo[] = "Hello, world!<U+0000>"; // NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
                                 ^
1 warning generated.
/usr/lib/gcc/x86_64-unknown-linux-gnu/4.7.2/../../../crt1.o(.text+0x20): error:
undefined reference to 'main'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

which is the intended result.
Quuxplusone commented 11 years ago

Attached x.c (143 bytes, text/x-csrc): Test program with an embedded NUL

Quuxplusone commented 11 years ago

clang 3.2 fixes the overrun by the way, but now cuts off the string at the NUL and no longer shows the <U+0000> there. That fixes the overrun for good, but still is not optimal.
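Added example, not code from clang or from this report: a minimal snippet-and-caret renderer in C written two ways, to show the failure mode behind the crash in the report and the truncation the follow-up comment describes for 3.2. The explicit-length version carries (pointer, length) through, prints a raw NUL as <U+0000> as the 3.1 output above does, and shifts the caret by the width of the escape. The C-string version measures the line with strlen, so it loses everything after the NUL and ends up with a lexer column larger than the line it thinks it has; the bounds check it carries is the guard that turns that mismatch into an error instead of an out-of-bounds caret write. The sample line, the function names and the demo_* helpers are constructed for this example; nothing here is taken from clang's TextDiagnostic implementation.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not the attached x.c): one source line with a raw NUL
   at column 34 (1-based), the column the report's warning names.
   sizeof counts the NUL; strlen stops at it. */
static const char kLine[] =
    "const char foo[] = \"Hello, world!\0\"; // NNNNN";
#define LINE_LEN (sizeof kLine - 1)   /* 45 bytes, NUL included */
#define NUL_COL  34

/* Hypothetical explicit-length renderer: copies the line byte by byte,
   prints NUL as "<U+0000>", and records the display column of the byte at
   col1 so the caret is shifted by any escape that precedes it. Returns the
   caret's 0-based display column, or -1 on a bad column or small buffer. */
static int render_snippet(const char *line, size_t len, size_t col1,
                          char *out, size_t outsz,
                          char *caret, size_t caretsz)
{
    static const char esc[] = "<U+0000>";
    size_t o = 0, caret_col = 0;

    if (col1 == 0 || col1 > len)
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (i + 1 == col1)
            caret_col = o;                  /* where byte i lands in out[] */
        if (line[i] == '\0') {
            if (o + sizeof esc > outsz)     /* 8 bytes plus terminator */
                return -1;
            memcpy(out + o, esc, sizeof esc - 1);
            o += sizeof esc - 1;
        } else {
            if (o + 2 > outsz)
                return -1;
            out[o++] = line[i];
        }
    }
    out[o] = '\0';
    if (caret_col + 2 > caretsz)
        return -1;
    memset(caret, ' ', caret_col);
    caret[caret_col] = '^';
    caret[caret_col + 1] = '\0';
    return (int)caret_col;
}

/* Same renderer around a C string. strlen() ends the line at the embedded
   NUL, so the text after it is dropped, and the lexer's column (computed over
   the real bytes) can exceed the length the renderer believes it has. The
   bounds test below reports that mismatch as -1; without it the caret write
   would land past the end of caret[]. */
static int render_snippet_cstr(const char *line, size_t col1,
                               char *out, size_t outsz,
                               char *caret, size_t caretsz)
{
    size_t len = strlen(line);
    if (len + 1 > outsz)
        return -1;
    memcpy(out, line, len + 1);
    if (col1 == 0 || col1 > len || col1 + 1 > caretsz)
        return -1;
    memset(caret, ' ', col1 - 1);
    caret[col1 - 1] = '^';
    caret[col1] = '\0';
    return (int)(col1 - 1);
}

/* Caret on the NUL: the whole line survives, caret at display column 33. */
int demo_explicit_length(void)
{
    char out[128], caret[128];
    int col = render_snippet(kLine, LINE_LEN, NUL_COL,
                             out, sizeof out, caret, sizeof caret);
    if (col < 0)
        return col;
    if (strcmp(out, "const char foo[] = \"Hello, world!<U+0000>\"; // NNNNN"))
        return -2;
    return caret[col] == '^' ? col : -3;
}

/* Caret on the quote after the NUL: one 8-byte escape precedes it, so the
   display column is 33 + 8 = 41, not 34. */
int demo_caret_after_nul(void)
{
    char out[128], caret[128];
    return render_snippet(kLine, LINE_LEN, NUL_COL + 1,
                          out, sizeof out, caret, sizeof caret);
}

/* C-string path with the lexer's column 34 on a line strlen() calls 33 bytes
   long: the guarded version returns -1 instead of overrunning caret[]. */
int demo_cstring(void)
{
    char out[128], caret[128];
    return render_snippet_cstr(kLine, NUL_COL,
                               out, sizeof out, caret, sizeof caret);
}

int main(void)
{
    char out[128], caret[128];
    int col = render_snippet(kLine, LINE_LEN, NUL_COL,
                             out, sizeof out, caret, sizeof caret);
    printf("%s\n%s\nexplicit-length caret column: %d\n", out, caret, col);
    printf("C-string path result: %d\n", demo_cstring());
    return 0;
}
```

The point the two paths make together: once the lexer has computed a column over the raw bytes, the renderer has to use the same (pointer, length) view of the line; any strlen-style re-measurement either truncates the snippet at the NUL or hands a column past the end of a shorter buffer. To recreate the report's input for a real compiler run, a raw NUL byte can be written into a test file with the shell's printf and its \0 escape.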