[clang] fix out of bounds access in an empty string when lexing a _Pragma with missing string token

hyp · hyp · commit 979d0ee8ab30 · 2022-02-02T11:16:11.000-08:00
The lexer can attempt to lex a _Pragma and crash with an out of bounds string access when it's lexing a _Pragma whose string token is an invalid buffer, e.g. when a module header file from which the macro expansion for that token was deleted from the file system. Differential Revision: https://reviews.llvm.org/D116052
diff --git a/clang/lib/Frontend/PrintPreprocessedOutput.cpp b/clang/lib/Frontend/PrintPreprocessedOutput.cpp
@@ -189,7 +189,8 @@ class PrintPPOutputPPCallbacks : public PPCallbacks {
   bool MoveToLine(const Token &Tok, bool RequireStartOfLine) {
     PresumedLoc PLoc = SM.getPresumedLoc(Tok.getLocation());
     unsigned TargetLine = PLoc.isValid() ? PLoc.getLine() : CurLine;
-    bool IsFirstInFile = Tok.isAtStartOfLine() && PLoc.getLine() == 1;
+    bool IsFirstInFile =
+        Tok.isAtStartOfLine() && PLoc.isValid() && PLoc.getLine() == 1;
     return MoveToLine(TargetLine, RequireStartOfLine) || IsFirstInFile;
   }
 
diff --git a/clang/lib/Lex/Pragma.cpp b/clang/lib/Lex/Pragma.cpp
@@ -263,7 +263,12 @@ void Preprocessor::Handle_Pragma(Token &Tok) {
   }
 
   SourceLocation RParenLoc = Tok.getLocation();
-  std::string StrVal = getSpelling(StrTok);
+  bool Invalid = false;
+  std::string StrVal = getSpelling(StrTok, &Invalid);
+  if (Invalid) {
+    Diag(PragmaLoc, diag::err__Pragma_malformed);
+    return;
+  }
 
   // The _Pragma is lexically sound.  Destringize according to C11 6.10.9.1:
   // "The string literal is destringized by deleting any encoding prefix,
diff --git a/clang/test/Preprocessor/pragma-missing-string-token.c b/clang/test/Preprocessor/pragma-missing-string-token.c
@@ -0,0 +1,27 @@
+// RUN: rm -rf %t
+// RUN: split-file %s %t
+
+// RUN: %clang_cc1 -emit-module -x c -fmodules -I %t/Inputs -fmodule-name=aa %t/Inputs/module.modulemap -o %t/aa.pcm
+// RUN: rm %t/Inputs/b.h
+// RUN: not %clang_cc1 -E -fmodules -I %t/Inputs -fmodule-file=%t/aa.pcm %s -o - -fallow-pcm-with-compiler-errors 2>&1 | FileCheck %s
+
+//--- Inputs/module.modulemap
+module aa {
+    header "a.h"
+    header "b.h"
+}
+
+//--- Inputs/a.h
+#define TEST(x) x
+
+//--- Inputs/b.h
+#define SUB "mypragma"
+
+//--- test.c
+#include "a.h"
+
+_Pragma(SUB);
+int a = TEST(SUB);
+
+// CHECK: int a
+// CHECK: 1 error generated

Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,8 @@ class PrintPPOutputPPCallbacks : public PPCallbacks {`
`189`	`189`	`bool MoveToLine(const Token &Tok, bool RequireStartOfLine) {`
`190`	`190`	`PresumedLoc PLoc = SM.getPresumedLoc(Tok.getLocation());`
`191`	`191`	`unsigned TargetLine = PLoc.isValid() ? PLoc.getLine() : CurLine;`
`192`		`- bool IsFirstInFile = Tok.isAtStartOfLine() && PLoc.getLine() == 1;`
	`192`	`+ bool IsFirstInFile =`
	`193`	`+ Tok.isAtStartOfLine() && PLoc.isValid() && PLoc.getLine() == 1;`
`193`	`194`	`return MoveToLine(TargetLine, RequireStartOfLine) \|\| IsFirstInFile;`
`194`	`195`	`}`
`195`	`196`