RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2025-02-23 22:15:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix overflow checks in SmallVector:

Browse Source 
"The code was doing "if (End+NumInputs > Capacity) ...". If End is
close to 0xFFFFFFFF and NumInputs is large, it'll overflow, the
condition will come out false, and the vector won't grow to
accommodate the new elements, and the program will crash in memmove."

Patch by Jeffrey Yasskin!

llvm-svn: 68277
This commit is contained in:
Chris Lattner 2009-04-02 03:06:26 +00:00
parent 87b0df5b28
commit 09cab2de98
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/llvm/ADT/SmallVector.h
View File

@ -210,7 +210,7 @@ public:
void append(in_iter in_start, in_iter in_end) {
size_type NumInputs = std::distance(in_start, in_end);
// Grow allocated space if needed.
if (End+NumInputs > Capacity)
if (NumInputs > size_type(Capacity-End))
grow(size()+NumInputs);
// Copy the new elements over.
@ -222,7 +222,7 @@ public:
///
void append(size_type NumInputs, const T &Elt) {
// Grow allocated space if needed.
if (End+NumInputs > Capacity)
if (NumInputs > size_type(Capacity-End))
grow(size()+NumInputs);
// Copy the new elements over.
@ -456,9 +456,9 @@ void SmallVectorImpl<T>::swap(SmallVectorImpl<T> &RHS) {
std::swap(Capacity, RHS.Capacity);
return;
}
if (Begin+RHS.size() > Capacity)
if (RHS.size() > size_type(Capacity-Begin))
grow(RHS.size());
if (RHS.begin()+size() > RHS.Capacity)
if (size() > size_type(RHS.Capacity-RHS.begin()))
RHS.grow(size());
// Swap the shared elements.