[clang][BufferUsage] Fix a StringRef lifetime issue #159109
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-clang @llvm/pr-subscribers-clang-analysis Author: Timm Baeder (tbaederr) ChangesThe code before assigned the Fix this by using two different code paths for the Full diff: https://github.com/llvm/llvm-project/pull/159109.diff 1 Files Affected:
diff --git a/clang/lib/Analysis/UnsafeBufferUsage.cpp b/clang/lib/Analysis/UnsafeBufferUsage.cpp
index 1d7b8722103aa..ad3d2346d18be 100644
--- a/clang/lib/Analysis/UnsafeBufferUsage.cpp
+++ b/clang/lib/Analysis/UnsafeBufferUsage.cpp
@@ -900,22 +900,22 @@ static bool hasUnsafeFormatOrSArg(const CallExpr *Call, const Expr *&UnsafeArg,
const Expr *Fmt = Call->getArg(FmtArgIdx);
if (auto *SL = dyn_cast<clang::StringLiteral>(Fmt->IgnoreParenImpCasts())) {
- StringRef FmtStr;
+ if (SL->getCharByteWidth() == 1) {
+ StringRef FmtStr = SL->getString();
+ StringFormatStringHandler Handler(Call, FmtArgIdx, UnsafeArg, Ctx);
- if (SL->getCharByteWidth() == 1)
- FmtStr = SL->getString();
- else if (auto EvaledFmtStr = SL->tryEvaluateString(Ctx))
- FmtStr = *EvaledFmtStr;
- else
- goto CHECK_UNSAFE_PTR;
-
- StringFormatStringHandler Handler(Call, FmtArgIdx, UnsafeArg, Ctx);
+ return analyze_format_string::ParsePrintfString(
+ Handler, FmtStr.begin(), FmtStr.end(), Ctx.getLangOpts(),
+ Ctx.getTargetInfo(), isKprintf);
+ }
- return analyze_format_string::ParsePrintfString(
- Handler, FmtStr.begin(), FmtStr.end(), Ctx.getLangOpts(),
- Ctx.getTargetInfo(), isKprintf);
+ if (auto FmtStr = SL->tryEvaluateString(Ctx)) {
+ StringFormatStringHandler Handler(Call, FmtArgIdx, UnsafeArg, Ctx);
+ return analyze_format_string::ParsePrintfString(
+ Handler, FmtStr->data(), FmtStr->data() + FmtStr->size(),
+ Ctx.getLangOpts(), Ctx.getTargetInfo(), isKprintf);
+ }
}
-CHECK_UNSAFE_PTR:
// If format is not a string literal, we cannot analyze the format string.
// In this case, this call is considered unsafe if at least one argument
// (including the format argument) is unsafe pointer.
|
erichkeane
approved these changes
Sep 17, 2025
|
Thanks for the fix! |
|
Just to clarify here, the memory did not just "vanish" it was because it was using the return value of of scope and therefore the lifetime ended and we had undefined behavior at that point. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The code before assigned the
std::stringreturned fromtryEvaluateString()to theStringRef, but it was possible that the underlying data of that string vanished in the meantime, passing invalid stack memory toParsePrintfString.Fix this by using two different code paths for the
getCharByteWidth() == 1case and thetryEvaluateString()one.