Fix infinite loop in split_by_comma_or_colon(). (#1332)

* Fix infinite loop in `split_by_comma_or_colon()`. The mere presence of a `,` or a `:` in the input string would make the function enter an infinite loop, effectively freezing the program until all available memory was exhausted. The string position in the loop was not incremented past the `,` or the `;` character that had just been read. The function is currently used only in the `--exclude-libs` option. The freeze is reproducible with: ```bash $ mold --exclude-libs foo,bar ``` The longer the string after the first `,` or `:` is, the faster memory exhaustion is reached. * Skip empty parts in `split_by_comma_or_colon()`.
rui314 · Aug 18, 2024 · 0c74e82 · 0c74e82
1 parent cf5d054
commit 0c74e82
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/cmdline.cc b/src/cmdline.cc
@@ -422,14 +422,16 @@ static std::vector<std::string_view>
 split_by_comma_or_colon(std::string_view str) {
   std::vector<std::string_view> vec;
 
-  for (;;) {
+  while (!str.empty()) {
     i64 pos = str.find_first_of(",:");
     if (pos == str.npos) {
       vec.push_back(str);
       break;
     }
-    vec.push_back(str.substr(0, pos));
-    str = str.substr(pos);
+    if (pos > 0) {
+      vec.push_back(str.substr(0, pos));
+    }
+    str = str.substr(pos + 1);
   }
   return vec;
 }