[cfe-commits] r50815 - /cfe/trunk/lib/AST/Expr.cpp
Steve Naroff
snaroff at apple.com
Wed May 7 10:08:12 PDT 2008
Thanks for the heads up. It's certainly possible the client of the
iterator is busted.
I'll dig a bit deeper,
snaroff
On May 7, 2008, at 9:59 AM, Ted Kremenek wrote:
>
> On May 7, 2008, at 9:50 AM, Steve Naroff wrote:
>>
>> Fix off-by-one error.
>>
>> Modified:
>> cfe/trunk/lib/AST/Expr.cpp
>>
>> Modified: cfe/trunk/lib/AST/Expr.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/Expr.cpp?rev=50815&r1=50814&r2=50815&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/lib/AST/Expr.cpp (original)
>> +++ cfe/trunk/lib/AST/Expr.cpp Wed May 7 11:50:14 2008
>> @@ -1369,7 +1369,7 @@
>> return reinterpret_cast<Stmt**>(&InitExprs[0]);
>> }
>> Stmt::child_iterator InitListExpr::child_end() {
>> - return reinterpret_cast<Stmt**>(&InitExprs[getNumInits()]);
>> + return reinterpret_cast<Stmt**>(&InitExprs[getNumInits()-1]);
>> }
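Review bot: In child_end(), indexing with getNumInits()-1 moves the end iterator onto the last initializer instead of one past it, so a caller that walks from child_begin() until it reaches child_end() never visits the final child. When getNumInits() is 0 the index is computed from 0-1 and the end no longer lies at or after the begin pointer, so the same loop has no valid stopping point. Keep the end at one past the last element. If the aim is to avoid subscripting the container at index getNumInits(), form the address by pointer arithmetic from the start of the storage rather than by changing which element the end refers to, and add a test with an empty initializer list.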
>
> Hi Steve,
>
> I'm not certain if this is correct. If getNumInits() is 0 then the
> end will point to before the beginning. While the original code
> looks like a buffer overflow, you do want the end iterator to point to
> *after* the last valid element:
>
> return reinterpret_cast<Stmt**>(&InitExprs[0] + InitExprs.size());
>
> (this of course is what you had before).
>
> Ted
>
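
The half-open range convention discussed in this thread, as an added example that is not code from the thread or from clang. InitList, visit_correct, visit_minus_one and end_offset_minus_one are hypothetical names, and std::vector is assumed as the container behind InitExprs.

```cpp
#include <cstddef>
#include <vector>

struct Stmt {};

// Hypothetical stand-in for InitListExpr; only the child range is modelled.
class InitList {
  std::vector<Stmt*> InitExprs;
public:
  // Constructed sample data: n null children, never dereferenced.
  explicit InitList(std::size_t n) : InitExprs(n, nullptr) {}
  std::size_t getNumInits() const { return InitExprs.size(); }

  Stmt** child_begin() { return InitExprs.data(); }
  // Half-open range: end is one past the last element. data() + size() is
  // well defined for an empty vector, unlike subscripting with operator[].
  Stmt** child_end() { return InitExprs.data() + InitExprs.size(); }

  // Offset from child_begin() that a "getNumInits()-1" end would use.
  // Kept as a signed index so no out-of-range pointer is ever formed.
  std::ptrdiff_t end_offset_minus_one() const {
    return static_cast<std::ptrdiff_t>(getNumInits()) - 1;
  }
};

// Walks [child_begin, child_end) the way a client of the iterators does.
std::size_t visit_correct(std::size_t n) {
  InitList L(n);
  std::size_t seen = 0;
  for (Stmt **I = L.child_begin(), **E = L.child_end(); I != E; ++I) ++seen;
  return seen;
}

// Walks the range implied by the N-1 end. Returns -1 when that end lies
// before begin, where an `I != E` loop would never meet its end.
long visit_minus_one(std::size_t n) {
  InitList L(n);
  std::ptrdiff_t end = L.end_offset_minus_one();
  if (end < 0) return -1;
  long seen = 0;
  for (Stmt **I = L.child_begin(), **E = I + end; I != E; ++I) ++seen;
  return seen;
}

int main() {
  bool ok = visit_correct(3) == 3 && visit_minus_one(3) == 2 &&
            visit_minus_one(0) == -1;
  return ok ? 0 : 1;
}
```
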