averello/swift-mirror
1
0
Fork 0
mirror of https://github.com/apple/swift.git synced 2025-12-14 20:36:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't import string macros with invalid UTF-8

Browse Source 
Swift string literals are only permitted to contain well-formed UTF-8, but C does not share this restriction, and ClangImporter wasn't checking for that before it created `StringLiteralExpr`s for imported macros; this could cause crashes when importing a header. This commit makes us drop these macros instead.

Although invalid UTF-8 always *did* cause a segfault in my testing, I'm not convinced that there isn't a way to cause a miscompile with a bug like this. If we somehow did generate code that fed ill-formed UTF-8 to the builtin literal init for Swift.String, the resulting string could cause undefined behavior at runtime. So I have additionally added a defensive assertion to StringLiteralInst that any UTF-8 string represented in SIL is well-formed. Hopefully that will catch any non-crashing compiler bugs like this one.

Fixes rdar://67840900.
This commit is contained in:
Becca Royal-Gordon
2022-01-26 20:57:13 -08:00
parent da64dc43c9
commit 4bd532ab9a
6 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Basic/Unicode.cpp
View File

@@ -123,3 +123,8 @@ unsigned swift::unicode::extractFirstUnicodeScalar(StringRef S) {
(void)Result;
return Scalar;
}
bool swift::unicode::isWellFormedUTF8(StringRef S) {
const llvm::UTF8 *begin = S.bytes_begin();
return llvm::isLegalUTF8String(&begin, S.bytes_end());
}