[cfe-commits] r84925 - /cfe/trunk/lib/Frontend/PCHReader.cpp

Ted Kremenek kremenek at apple.com
Thu Oct 22 20:57:22 PDT 2009

Author: kremenek
Date: Thu Oct 22 22:57:22 2009
New Revision: 84925

URL: http://llvm.org/viewvc/llvm-project?rev=84925&view=rev
Fix integer overflow in PCHReader when reading the length of an
identifier.  This caused a crash when reading PCH files that contained
long identifier names.

The issue is that 'StrLenPtr' was previously a 'const char *', meaning
the byte loaded from it would be interpretted as a signed integer.  If
the topmost bit was set, conversion to 'unsigned' would extend that
bit, causing an overflow.

The solution is to make 'StrLenPtr' an 'unsigned char *', always
treating the value as an unsigned integer.

This fixes: <rdar://problem/7328900>


Modified: cfe/trunk/lib/Frontend/PCHReader.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/PCHReader.cpp?rev=84925&r1=84924&r2=84925&view=diff

--- cfe/trunk/lib/Frontend/PCHReader.cpp (original)
+++ cfe/trunk/lib/Frontend/PCHReader.cpp Thu Oct 22 22:57:22 2009
@@ -2515,7 +2515,7 @@
     // All of the strings in the PCH file are preceded by a 16-bit
     // length. Extract that 16-bit length to avoid having to execute
     // strlen().
-    const char *StrLenPtr = Str - 2;
+    const unsigned char *StrLenPtr = (const unsigned char*) Str - 2;
     unsigned StrLen = (((unsigned) StrLenPtr[0])
                        | (((unsigned) StrLenPtr[1]) << 8)) - 1;
     IdentifiersLoaded[ID - 1]

More information about the cfe-commits mailing list