    FastString: fix eager reading of string ptr in hashStr · cb1785d9
    Ömer Sinan Ağacan authored and Marge Bot committed
    This read causes NULL dereferencing when len is 0.
    
    Fixes #17909
    
    In the reproducer in #17909 this bug is triggered as follows:
    
    - SimplOpt.dealWithStringLiteral is called with a single-char string
      ("=" in #17909)
    
    - tailFS gets called on the FastString of the single-char string.
    
    - tailFS checks the length of the string, which is 1, and calls
      mkFastStringByteString on the tail of the ByteString, which is an
      empty ByteString as the original ByteString has only one char.
    
    - ByteString's unsafeUseAsCStringLen returns (NULL, 0) for the empty
      ByteString, which is passed to mkFastStringWith.
    
    - mkFastStringWith gets hash of the NULL pointer via hashStr, which
      fails on empty strings because of this bug.
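
An added illustration of the failure described in the commit message, not GHC's own code: a simplified hash loop that issues the read before the length check, next to a guarded version. `readByte`, `hashEager`, `hashGuarded` and the FNV-style `step` are hypothetical names, and `readByte` throws on NULL where a raw read would fault.

```haskell
module Main (main) where

import Control.Exception (IOException, try)
import Data.Bits (xor)
import Data.Word (Word8)
import Foreign.Marshal.Array (withArrayLen)
import Foreign.Ptr (Ptr, nullPtr)
import Foreign.Storable (peekByteOff)

-- Checked stand-in for a raw memory read (assumption for this demo):
-- throws an IOException where an unchecked read would dereference NULL.
readByte :: Ptr Word8 -> Int -> IO Word8
readByte p i
  | p == nullPtr = ioError (userError "read through NULL pointer")
  | otherwise    = peekByteOff p i

-- Illustrative FNV-style mixing step.
step :: Int -> Word8 -> Int
step h c = (h * 16777619) `xor` fromIntegral c

-- Eager shape: the byte at index n is fetched before n is compared with
-- len, so (NULL, 0) is dereferenced; on non-empty input the last
-- iteration also reads index len, one past the end.
hashEager :: Ptr Word8 -> Int -> IO Int
hashEager p len = go 0 0
  where
    go h n = do
      c <- readByte p n
      if n == len then pure h else go (step h c) (n + 1)

-- Guarded shape: the read is reached only after the length check passes.
hashGuarded :: Ptr Word8 -> Int -> IO Int
hashGuarded p len = go 0 0
  where
    go h n
      | n == len  = pure h
      | otherwise = readByte p n >>= \c -> go (step h c) (n + 1)

main :: IO ()
main = do
  -- Constructed inputs: the one-byte string "=" and the (NULL, 0) pair
  -- that the commit message describes for the empty tail.
  h1 <- withArrayLen [61 :: Word8] (\len p -> hashGuarded p len)
  putStrLn ("guarded, \"=\":       " ++ show h1)
  h0 <- hashGuarded nullPtr 0
  putStrLn ("guarded, (NULL, 0): " ++ show h0)
  r <- try (hashEager nullPtr 0) :: IO (Either IOException Int)
  putStrLn ("eager,   (NULL, 0): " ++ either show show r)
```

The eager loop is only run on the `(NULL, 0)` input here, because on a real buffer it would read one byte past the allocation.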