mirror of
https://github.com/llvm/llvm-project.git
synced 2025-04-26 06:46:07 +00:00

The 3-parameter std::equal used in this code accesses FileBuffer from [0, OutputBuffer->getBufferEnd() - OutputBuffer->getBufferStart()). If the size of FileBuffer is shorter than OutputBuffer, this ends up overflowing.

This wasn't found on the sanitizer buildbots as they use an instrumented libcxx, and libcxx implements std::equal using a loop. libstdc++ on my local machine finds the bug, as it implements std::equal using bcmp(), which ASan intercepts and does a range check.

The existing test doesn't technically do a buffer-overflow, but the code definitely can. If OutputBuffer was "AAABBB" and FileBuffer was "AAA", then the code would overflow.

Reviewed By: abrachet
Differential Revision: https://reviews.llvm.org/D139457
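
The difference between a loop-based and a bcmp()-based std::equal described in the commit message, as an added example that is not code from the LLVM commit. `Access`, `loop_model`, `bcmp_model` and `bounded_equal` are hypothetical names; the two models only compute which bytes of the second buffer would be accessed, and `bounded_equal` shows one bounded form of the comparison, not necessarily the change the commit made.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <string>

// What a comparison would touch in the second buffer (a model: no
// out-of-bounds read is ever performed here).
struct Access {
    std::size_t second_bytes;  // bytes of the second buffer in play
    bool past_end;             // would any of them lie past its end?
};

// Loop-style std::equal(first1, last1, first2): stops at the first mismatch,
// so the second buffer is only overrun if every earlier byte matched.
Access loop_model(const std::string &out, const std::string &file) {
    for (std::size_t i = 0; i < out.size(); ++i) {
        if (i >= file.size()) return {i + 1, true};     // read of file[i] is OOB
        if (out[i] != file[i]) return {i + 1, false};   // early exit, in bounds
    }
    return {out.size(), false};
}

// bcmp-style: the whole length out.size() is passed up front, and that full
// range of the second buffer is what an intercepting sanitizer range-checks.
Access bcmp_model(const std::string &out, const std::string &file) {
    return {out.size(), out.size() > file.size()};
}

// Bounded comparison: the 4-parameter overload (C++14) also takes the end of
// the second range, so different lengths compare unequal with no overrun.
bool bounded_equal(const std::string &out, const std::string &file) {
    return std::equal(out.begin(), out.end(), file.begin(), file.end());
}

int main() {
    // Constructed inputs: the pair from the commit message, plus one that
    // mismatches on the first byte.
    const char *cases[][2] = {{"AAABBB", "AAA"}, {"AAABBB", "XAA"}};
    for (auto &c : cases) {
        Access l = loop_model(c[0], c[1]), b = bcmp_model(c[0], c[1]);
        std::printf("%s vs %s: loop past_end=%d bcmp past_end=%d bounded=%d\n",
                    c[0], c[1], l.past_end, b.past_end, bounded_equal(c[0], c[1]));
    }
    return 0;
}
```

With an input that mismatches early, the loop model stays in bounds while the bcmp model still declares the full over-long range, which is why a test can pass under one standard library and fail under ASan with another.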