Skip to content

[Parse] Fix buffer overrun in advanceIfMultilineDelimiter #85889

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hamishknight merged 1 commit into from
Dec 9, 2025
Merged

[Parse] Fix buffer overrun in advanceIfMultilineDelimiter #85889

hamishknight merged 1 commit into from
Dec 9, 2025
+35 −19

Conversation

@hamishknight
Copy link
Contributor

@hamishknight hamishknight commented Dec 7, 2025
edited
Loading

Make sure we don't scan off the end of the buffer, and scan for the delimiter before attempting the lookahead.

rdar://165774720

@hamishknight
[Parse] Fix buffer overrun in advanceIfMultilineDelimiter
0068438 
Make sure we don't scan off the end of the buffer, and scan for the
delimiter before attempting the lookahead.
@hamishknight
Copy link
Contributor Author

hamishknight commented Dec 7, 2025

@swift-ci please test

@hamishknight
Copy link
Contributor Author

hamishknight commented Dec 7, 2025

@swift-ci please SourceKit stress test

@hamishknight hamishknight mentioned this pull request Dec 7, 2025
Merged
rintaro
rintaro reviewed Dec 9, 2025
View reviewed changes
lib/Parse/Lexer.cpp
const char *TmpPtr = CurPtr;
if (*(TmpPtr - 1) == '"' &&
diagnoseZeroWidthMatchAndAdvance('"', TmpPtr, Diags) &&
diagnoseZeroWidthMatchAndAdvance('"', TmpPtr, Diags)) {
Copy link
Member

@rintaro rintaro Dec 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No check for EndPtr because we guarantee *EndPtr is 0?
But maybe we could early check like:

if (CurPtr + 2 >= EndPtr) return false;

Copy link
Contributor Author

@hamishknight hamishknight Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah exactly, e.g delimiterMatches does

  while (diagnoseZeroWidthMatchAndAdvance('#', TmpPtr, Diags)) {}

I don't mind adding an extra check though

Copy link
Member

@rintaro rintaro Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Considering delimiterMatches does that, I don't think extra check is needed.

lib/Parse/Lexer.cpp
const char *&CurPtr, const char *EndPtr,
DiagnosticEngine *Diags,
bool IsOpening = false) {
auto scanDelimiter = [&]() -> const char * {
Copy link
Member

@rintaro rintaro Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scanDelimiter is used only once. Why not

const char *DelimEnd = nullptr;
{
    // CurPtr here points to the character after `"`.
    const char *TmpPtr = CurPtr;
    if (*(TmpPtr - 1) == '"' &&
        diagnoseZeroWidthMatchAndAdvance('"', TmpPtr, Diags) &&
        diagnoseZeroWidthMatchAndAdvance('"', TmpPtr, Diags)) {
      DelimEnd = TmpPtr;
    } else {
      return false;
    }
}

If it's just a matter of the code style, I'm fine with the lambda.

Copy link
Contributor Author

@hamishknight hamishknight Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah personally I prefer the lambda, shame C++ doesn't have guard statements 😄

Copy link
Member

@rintaro rintaro Dec 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or just like swift-syntax counterpart

// CurPtr here points to the character after `"`.
const char *DelimEnd = CurPtr;
if (*(DelimEnd - 1) == '"' &&
    diagnoseZeroWidthMatchAndAdvance('"', DelimEnd, Diags) &&
    diagnoseZeroWidthMatchAndAdvance('"', DelimEnd, Diags)) {
 // Found the delimiter
} else {
  return false;
}

Copy link
Contributor Author

@hamishknight hamishknight Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An empty if body feels weird to me, I don't mind changing it though

Copy link
Member

@rintaro rintaro Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay. I'm fine with as-is

@hamishknight hamishknight merged commit 20bee09 into swiftlang:main Dec 9, 2025
5 of 6 checks passed
@hamishknight hamishknight deleted the overrun branch December 9, 2025 20:26
@rintaro rintaro mentioned this pull request Dec 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rintaro rintaro rintaro approved these changes

@bnbarham bnbarham Awaiting requested review from bnbarham bnbarham is a code owner

@CodaFi CodaFi Awaiting requested review from CodaFi CodaFi is a code owner

@DougGregor DougGregor Awaiting requested review from DougGregor DougGregor is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hamishknight @rintaro