Fix a crash with empty escape sequences when lexing #102339
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The utilities we use for lexing string and character literals can be
run in a mode where we pass a null pointer for the diagnostics engine.
This mode is used by the format string checkers, for example. However,
there were two places that failed to account for a null diagnostic
engine pointer: `\o{}` and `\x{}`.
This patch adds a check for a null pointer and correctly handles
fallback behavior.
Fixes llvm#102218
AaronBallman
added
c
clang:frontend
|
@llvm/pr-subscribers-clang Author: Aaron Ballman (AaronBallman) ChangesThe utilities we use for lexing string and character literals can be run in a mode where we pass a null pointer for the diagnostics engine. This mode is used by the format string checkers, for example. However, there were two places that failed to account for a null diagnostic engine pointer: This patch adds a check for a null pointer and correctly handles fallback behavior. Fixes #102218 Full diff: https://github.com/llvm/llvm-project/pull/102339.diff 3 Files Affected:
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 978b4ac8ea2e3..565812e9b503f 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -170,6 +170,8 @@ Bug Fixes in This Version
be used in C++.
- Fixed a failed assertion when checking required literal types in C context. (#GH101304).
- Fixed a crash when trying to transform a dependent address space type. Fixes #GH101685.
+- Fixed a crash when diagnosing format strings and encountering an empty
+ delimited escape sequence (e.g., ``"\o{}"``). #GH102218
Bug Fixes to Compiler Builtins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/clang/lib/Lex/LiteralSupport.cpp b/clang/lib/Lex/LiteralSupport.cpp
index 9d2720af5dbd9..225a6c2d15baa 100644
--- a/clang/lib/Lex/LiteralSupport.cpp
+++ b/clang/lib/Lex/LiteralSupport.cpp
@@ -190,9 +190,10 @@ static unsigned ProcessCharEscape(const char *ThisTokBegin,
Delimited = true;
ThisTokBuf++;
if (*ThisTokBuf == '}') {
- Diag(Diags, Features, Loc, ThisTokBegin, EscapeBegin, ThisTokBuf,
- diag::err_delimited_escape_empty);
- return ResultChar;
+ HadError = true;
+ if (Diags)
+ Diag(Diags, Features, Loc, ThisTokBegin, EscapeBegin, ThisTokBuf,
+ diag::err_delimited_escape_empty);
}
} else if (ThisTokBuf == ThisTokEnd || !isHexDigit(*ThisTokBuf)) {
if (Diags)
@@ -283,9 +284,10 @@ static unsigned ProcessCharEscape(const char *ThisTokBegin,
Delimited = true;
++ThisTokBuf;
if (*ThisTokBuf == '}') {
- Diag(Diags, Features, Loc, ThisTokBegin, EscapeBegin, ThisTokBuf,
- diag::err_delimited_escape_empty);
- return ResultChar;
+ HadError = true;
+ if (Diags)
+ Diag(Diags, Features, Loc, ThisTokBegin, EscapeBegin, ThisTokBuf,
+ diag::err_delimited_escape_empty);
}
while (ThisTokBuf != ThisTokEnd) {
diff --git a/clang/test/Lexer/char-escapes-delimited.c b/clang/test/Lexer/char-escapes-delimited.c
index 5327ef700b0e2..7a8986bc5f867 100644
--- a/clang/test/Lexer/char-escapes-delimited.c
+++ b/clang/test/Lexer/char-escapes-delimited.c
@@ -123,3 +123,16 @@ void separators(void) {
static_assert('\N??<DOLLAR SIGN??>' == '$'); // expected-warning 2{{trigraph converted}} \
// ext-warning {{extension}} cxx23-warning {{C++23}}
#endif
+
+void GH102218(void) {
+ // The format specifier checking code runs the lexer with diagnostics
+ // disabled. This used to crash Clang for malformed \o and \x because the
+ // lexer missed a null pointer check for the diagnostics engine in that case.
+ extern int printf(const char *, ...);
+ printf("\o{}"); // expected-error {{delimited escape sequence cannot be empty}}
+ printf("\x{}"); // expected-error {{delimited escape sequence cannot be empty}}
+
+ // These cases always worked but are here for completeness.
+ printf("\u{}"); // expected-error {{delimited escape sequence cannot be empty}}
+ printf("\N{}"); // expected-error {{delimited escape sequence cannot be empty}}
+}
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The utilities we use for lexing string and character literals can be run in a mode where we pass a null pointer for the diagnostics engine. This mode is used by the format string checkers, for example. However, there were two places that failed to account for a null diagnostic engine pointer:
\o{}and\x{}.This patch adds a check for a null pointer and correctly handles fallback behavior.
Fixes #102218