llvm.org GIT mirror llvm / 52a43b2
Check special-case-list regex before insertion.

Summary:
Checks that the supplied regex to SpecialCaseList::Matcher::insert(..) is non-empty.
Reported by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3688

Verified that this fixes the provided assertion failure (built with {asan, fuzzer}):

```
mitchp@mitchp2:~/llvm-build/git-fuzz$ ninja llvm-special-case-list-fuzzer
[12/12] Linking CXX executable bin/llvm-special-case-list-fuzzer
mitchp@mitchp2:~/llvm-build/git-fuzz$ bin/llvm-special-case-list-fuzzer ~/Downloads/clusterfuzz-testcase-6748633157337088
INFO: Seed: 1697404507
INFO: Loaded 1 modules (18581 inline 8-bit counters): 18581 [0x9e9f60, 0x9ee7f5),
INFO: Loaded 1 PC tables (18581 PCs): 18581 [0x9ee7f8,0xa37148),
bin/llvm-special-case-list-fuzzer: Running 1 inputs 1 time(s) each.
Running: /usr/local/google/home/mitchp/Downloads/clusterfuzz-testcase-6748633157337088
Executed /usr/local/google/home/mitchp/Downloads/clusterfuzz-testcase-6748633157337088 in 0 ms
***
*** NOTE: fuzzing was not performed, you have only
*** executed the target code on a fixed set of inputs.
***
mitchp@mitchp2:~/llvm-build/git-fuzz$
```

Reviewers: kcc, vsk
Reviewed By: vsk
Subscribers: vsk, llvm-commits, vlad.tsyrklevich
Differential Revision: https://reviews.llvm.org/D39212

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316537 91177308-0d34-0410-b5e6-96231b3b80d8

Mitch Phillips 1 year, 9 months ago
2 changed file(s) with 8 addition(s) and 0 deletion(s).
2727
2828 bool SpecialCaseList::Matcher::insert(std::string Regexp,
2929 std::string &REError) {
30 if (Regexp.empty()) {
31 REError = "Supplied regexp was blank";
32 return false;
33 }
34
3035 if (Regex::isLiteralERE(Regexp)) {
3136 Strings.insert(Regexp);
3237 return true;
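Review bot: the `Regexp.empty()` guard added at the top of `Matcher::insert` has no comment saying why an empty pattern has to be rejected before the `Regex::isLiteralERE` branch; a one-line comment there would keep the check from being dropped as redundant in a later cleanup. The error text also says "blank" while the condition tests only for a zero-length string, so a whitespace-only pattern is not covered by it; wording the message as "empty" would match what the check actually does.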
6666
6767 EXPECT_EQ(makeSpecialCaseList("[[]", Error), nullptr);
6868 EXPECT_TRUE(((StringRef)Error).startswith("malformed regex for section [: "));
69
70 EXPECT_EQ(makeSpecialCaseList("src:=", Error), nullptr);
71 EXPECT_TRUE(((StringRef)Error).endswith("Supplied regexp was blank"));
6972 }
7073
7174 TEST_F(SpecialCaseListTest, Section) {
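Review bot: the new `src:=` case asserts only the tail of the error with `endswith("Supplied regexp was blank")`, whereas the `[[]` case just above it pins the start of the message with `startswith`. As written, the test passes whatever context the caller puts in front of the message, so a regression in how the error is reported would go unnoticed. Asserting the full expected string, or the prefix as well, would make the test check both the reason and where it is reported.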