[PATCH] libcpp: Implement -Wbidirectional for CVE-2021-42574 [PR103026]
Joseph Myers
joseph@codesourcery.com
Mon Nov 1 22:10:40 GMT 2021
On Mon, 1 Nov 2021, Marek Polacek via Gcc-patches wrote:
> + /* We've read a bidi char, update the current vector as necessary. */
> + void on_char (kind k, bool ucn_p)
> + {
> + switch (k)
> + {
> + case kind::LRE:
> + case kind::RLE:
> + case kind::LRO:
> + case kind::RLO:
> + vec.push (ucn_p ? 3u : 1u);
> + break;
> + case kind::LRI:
> + case kind::RLI:
> + case kind::FSI:
> + vec.push (ucn_p ? 2u : 0u);
> + break;
> + case kind::PDF:
> + if (current_ctx () == kind::PDF)
> + pop ();
> + break;
> + case kind::PDI:
> + if (current_ctx () == kind::PDI)
> + pop ();
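Review bot: in the LRE/RLE/LRO/RLO and LRI/RLI/FSI cases of on_char, the pushed values "ucn_p ? 3u : 1u" and "ucn_p ? 2u : 0u" are bare literals that appear to pack two flags into one element (bit 0 for embedding/override versus isolate, bit 1 for UCN). Named constants, or a comment on vec describing the element layout, would let a reader check the encoding against whatever current_ctx () decodes. The comment above on_char could also say what one element of the vector represents.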
My understanding is that PDI should pop all intermediate PDF contexts
outward to a PDI context, which it also pops. (But if it's embedded only
in PDF contexts, with no PDI context containing it, it doesn't pop
anything.)
I think failing to handle that only means libcpp sometimes models there
as being more bidirectional contexts open than there should be, so it
might give spurious warnings when in fact all such contexts had been
closed by end of string or comment.
--
Joseph S. Myers
joseph@codesourcery.com
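
A small stand-alone model of the PDI point raised in the reply above, added here as an example; it is not code from the patch or from libcpp. The kind names come from the quoted hunk, while the boolean stack, the pdi_unwinds flag and unclosed () are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <vector>

// Bidi control kinds named in the quoted hunk.
enum class kind { LRE, RLE, LRO, RLO, LRI, RLI, FSI, PDF, PDI };

// Hypothetical model of the open-context stack: true = isolate
// (closed by PDI), false = embedding/override (closed by PDF).
using ctx_stack = std::vector<bool>;

// Apply one control character.  pdi_unwinds = true selects the PDI
// behaviour described in the reply; false models the quoted hunk.
void on_char (ctx_stack &st, kind k, bool pdi_unwinds)
{
  switch (k)
    {
    case kind::LRE: case kind::RLE: case kind::LRO: case kind::RLO:
      st.push_back (false);
      break;
    case kind::LRI: case kind::RLI: case kind::FSI:
      st.push_back (true);
      break;
    case kind::PDF:
      if (!st.empty () && !st.back ())
        st.pop_back ();
      break;
    case kind::PDI:
      // Quoted hunk: PDI acts only when the innermost context is an isolate.
      if (!pdi_unwinds && !st.empty () && !st.back ())
        break;
      // Pop outward through the innermost open isolate; with none open,
      // PDI pops nothing.
      for (std::size_t i = st.size (); i-- > 0; )
        if (st[i])
          {
            st.resize (i);  // drops the isolate and everything inside it
            break;
          }
      break;
    }
}

// Number of contexts still open at end of string or comment.
std::size_t unclosed (const std::vector<kind> &seq, bool pdi_unwinds)
{
  ctx_stack st;
  for (kind k : seq)
    on_char (st, k, pdi_unwinds);
  return st.size ();
}
```

For the constructed sequence RLI, LRE, PDI the hunk's model leaves two contexts open at end of input, while the unwinding model leaves none, which is the spurious-warning case the reply describes.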