[Lex] Avoid out-of-bounds dereference in SkipLineComment
Credit to OSS-Fuzz for discovery:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3145
rdar://34526482
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@315785 91177308-0d34-0410-b5e6-96231b3b80d8
(cherry picked from commit 4318ef1cb398b9b72aea287a815c09cfe68a2b27)
diff --git a/lib/Lex/Lexer.cpp b/lib/Lex/Lexer.cpp
index a3b0319..3b03ba6 100644
--- a/lib/Lex/Lexer.cpp
+++ b/lib/Lex/Lexer.cpp
@@ -2160,7 +2160,8 @@
// If we read multiple characters, and one of those characters was a \r or
// \n, then we had an escaped newline within the comment. Emit diagnostic
// unless the next line is also a // comment.
- if (CurPtr != OldPtr+1 && C != '/' && CurPtr[0] != '/') {
+ if (CurPtr != OldPtr + 1 && C != '/' &&
+ (CurPtr == BufferEnd + 1 || CurPtr[0] != '/')) {
for (; OldPtr != CurPtr; ++OldPtr)
if (OldPtr[0] == '\n' || OldPtr[0] == '\r') {
// Okay, we found a // comment that ends in a newline, if the next
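Review bot: The added operand `CurPtr == BufferEnd + 1` in the rewritten condition is not explained anywhere, and the comment above it still describes only the escaped-newline diagnostic. A reader cannot tell from the hunk why CurPtr may legitimately sit one past BufferEnd, presumably after the comment scan consumed the buffer's terminating NUL. I would add a line such as `// CurPtr can be one past BufferEnd if the comment ran into end of buffer; do not read CurPtr[0] then.` directly above the `if`. The guard is an exact equality, so it relies on CurPtr never advancing further than BufferEnd + 1. That invariant is established outside the hunk and is worth naming in the same comment, because the body of SkipLineComment begins and ends outside the visible lines.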
diff --git a/unittests/Lex/LexerTest.cpp b/unittests/Lex/LexerTest.cpp
index 923aff1..40e4360 100644
--- a/unittests/Lex/LexerTest.cpp
+++ b/unittests/Lex/LexerTest.cpp
@@ -420,4 +420,9 @@
#endif
}
+TEST_F(LexerTest, AvoidPastEndOfStringDereference) {
+ std::vector<Token> LexedTokens = Lex(" // \\\n");
+ EXPECT_TRUE(LexedTokens.empty());
+}
+
} // anonymous namespace
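Review bot: AvoidPastEndOfStringDereference asserts only that the token list is empty, so it most likely passes on an ordinary build even without the Lexer.cpp fix. A one-byte read past the buffer does not change the lexed tokens and is visible only to a memory sanitizer. A comment on the test should say so, for example `// Regression test for a read one byte past the buffer end; only an ASan build will catch a regression.` The input covers only a backslash followed by `\n` at the end of the buffer. A sibling case ending in a backslash followed by `\r\n` would exercise the same guard through the other escaped-newline form.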