https://github.com/Kristianerik created https://github.com/llvm/llvm-project/pull/201289
When a module compilation fails partway through, a null buffer entry can be left in `PreprocessorOptions::RemappedFileBuffers`. The existing code in `InitializeFileRemapping` unconditionally dereferences `RB.second` via `getBufferSize()` and `getMemBufferRef()`, causing a crash.

Add a null check consistent with the existing pattern in the `RemappedFiles` loop below, which already checks for missing files before use.

The crash was discovered by a fuzzer and reported with a clear stacktrace showing the crash at `InitializeFileRemapping` line 419.

Fixes: https://github.com/llvm/llvm-project/issues/201188

>From 10a3cc532415078c19e809396bad1c457f97336a Mon Sep 17 00:00:00 2001
From: Kristianerik <[email protected]>
Date: Wed, 3 Jun 2026 01:06:38 -0700
Subject: [PATCH] [clang] Fix null buffer dereference in InitializeFileRemapping

When a module compilation fails partway through, a null buffer entry
can be left in PreprocessorOptions::RemappedFileBuffers. The existing
code in InitializeFileRemapping unconditionally dereferences RB.second
via getBufferSize() and getMemBufferRef(), causing a crash.

Add a null check consistent with the existing pattern in the
RemappedFiles loop below, which already checks for missing files
before use.

Fixes: https://github.com/llvm/llvm-project/issues/201188
--- clang/lib/Frontend/CompilerInstance.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/clang/lib/Frontend/CompilerInstance.cpp b/clang/lib/Frontend/CompilerInstance.cpp index 9e88abbece7f2..92a116af066a8 100644 --- a/clang/lib/Frontend/CompilerInstance.cpp +++ b/clang/lib/Frontend/CompilerInstance.cpp 
@@ -413,6 +413,13 @@ static void InitializeFileRemapping(DiagnosticsEngine &Diags, const PreprocessorOptions &InitOpts) { // Remap files in the source manager (with buffers). for (const auto &RB : InitOpts.RemappedFileBuffers) { + // Skip entries with a null buffer — this can occur when a module + // compilation fails partway through, leaving an uninitialized entry + // in RemappedFileBuffers. Treat it as a missing file and continue. + if (!RB.second) { + Diags.Report(diag::err_fe_remap_missing_to_file) << RB.first << "(null buffer)"; + continue; + } // Create the file entry for the file that we're mapping from. FileEntryRef FromFile = FileMgr.getVirtualFileRef(RB.first, RB.second->getBufferSize(), 0); _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
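Review bot: In the new `if (!RB.second)` branch of the `RemappedFileBuffers` loop, `diag::err_fe_remap_missing_to_file` is reused with the string literal "(null buffer)" streamed as its second argument, so the user-facing error will present a placeholder where that diagnostic expects a file name. A null buffer is not a missing file on disk. If this state is reachable from user input, as the fuzzer report suggests, give it a dedicated diagnostic, or skip the entry silently if an error for the failed module compilation has already been emitted. The added comment calls the entry "uninitialized" while the check is for a null pointer, and the two should agree. The guard also only covers this one consumer: the description says the null entry is left behind when a module compilation fails partway through, so the code that adds or clears entries in `RemappedFileBuffers` on that failure path is the better place to fix this, with this check kept as a backstop. Finally, the diffstat shows only `CompilerInstance.cpp` changed. Please add a regression test built from the reproducer in issue 201188 so the crash stays fixed.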
