[cfe-commits] r84980 - /cfe/trunk/lib/AST/ASTContext.cpp

John McCall rjmccall at apple.com
Fri Oct 23 17:06:01 PDT 2009


Fariborz Jahanian wrote:
> Author: fjahanian
> Date: Fri Oct 23 18:55:43 2009
> New Revision: 84980
>
> URL: http://llvm.org/viewvc/llvm-project?rev=84980&view=rev
> Log:
> Fixes a buffer overflow problem which causes a crash
> in a certain project. Need to have a permanent fix later
> (FIXME added).
>
>
> Modified:
>     cfe/trunk/lib/AST/ASTContext.cpp
>
> Modified: cfe/trunk/lib/AST/ASTContext.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/ASTContext.cpp?rev=84980&r1=84979&r2=84980&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/AST/ASTContext.cpp (original)
> +++ cfe/trunk/lib/AST/ASTContext.cpp Fri Oct 23 18:55:43 2009
> @@ -2855,8 +2855,10 @@
>  
>    // FIXME: Move up
>    static int UniqueBlockByRefTypeID = 0;
> -  char Name[36];
> +  // FIXME. This is error prone. Luckinly stack-canary stuff caught it.
> +  char Name[128];
>    sprintf(Name, "__Block_byref_%d_%s", ++UniqueBlockByRefTypeID, DeclName);
> +  assert((strlen(Name) < sizeof(Name)) && "BuildByRefType - buffer overflow");
>    RecordDecl *T;
>    T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl, SourceLocation(),
>                           &Idents.get(Name));
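
Review bot: The sprintf into Name in BuildByRefType is still unbounded, because the %s argument DeclName can be any length; growing the buffer from 36 to 128 bytes only moves the threshold. The added assert runs after the write, so by the time it fires the stack has already been overwritten, and it disappears entirely in builds with assertions disabled. Suggest snprintf(Name, sizeof(Name), "__Block_byref_%d_%s", ...) with the assert placed on its return value, or building the name in a growable string so no fixed limit is involved.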
> @@ -2904,8 +2906,10 @@
>    llvm::SmallVector<const Expr *, 8> &BlockDeclRefDecls) {
>    // FIXME: Move up
>    static int UniqueBlockParmTypeID = 0;
> -  char Name[36];
> +  // FIXME. This is error prone. Luckinly stack-canary stuff caught it.
> +  char Name[128];
>    sprintf(Name, "__block_literal_%u", ++UniqueBlockParmTypeID);
> +  assert((strlen(Name) < sizeof(Name)) && "getBlockParmType - buffer overflow");
>    RecordDecl *T;
>    T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl, SourceLocation(),
>                           &Idents.get(Name));
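
Review bot: The format in this hunk uses %u while UniqueBlockParmTypeID is declared static int two lines above; use %d or make the counter unsigned. Separately, this name has no %s component: "__block_literal_" is 16 characters, and assuming a 32-bit int the number adds at most 10 digits, so the result needs at most 27 bytes with the terminator and the original 36-byte buffer was already large enough. The assert here cannot fire on such a platform, and like the one in the first hunk it checks only after sprintf has written. If the change is kept for consistency, snprintf(Name, sizeof(Name), ...) with a check on the return value is the safer form.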
>
>   

It doesn't fix the problem properly, but snprintf() will at least never 
trash the stack, and the return value will still permit the assert.

John.
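
The behaviour this reply relies on, shown as an added C example that is not part of the original message or of Clang; the helper names and the sample declaration names are assumptions made for illustration:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Clang code): formats the by-ref struct name from
 * the patch into a caller-supplied buffer. Returns what snprintf() returns:
 * the length the complete name would have had, excluding the terminator.
 * A value >= size means the output was truncated, never overrun. */
static int format_byref_name(char *buf, size_t size, int id,
                             const char *decl_name) {
  return snprintf(buf, size, "__Block_byref_%d_%s", id, decl_name);
}

/* Returns 1 if the whole name fit, 0 on truncation or a formatting error.
 * This is the condition an assert can test without any out-of-bounds write
 * having taken place first. */
static int byref_name_fits(char *buf, size_t size, int id,
                           const char *decl_name) {
  int n = format_byref_name(buf, size, id, decl_name);
  return n >= 0 && (size_t)n < size;
}

int main(void) {
  char name[36]; /* the pre-patch buffer size */
  /* Constructed inputs: one short declaration name and one long one. */
  const char *short_decl = "x";
  const char *long_decl = "aVeryLongVariableNameCapturedByReference";

  int n = format_byref_name(name, sizeof(name), 1, short_decl);
  printf("needed=%d stored=%zu name=%s\n", n, strlen(name), name);

  /* The long name needs more than 36 bytes: snprintf stores 35 characters
   * plus the terminator and reports the full length it wanted. */
  n = format_byref_name(name, sizeof(name), 2, long_decl);
  printf("needed=%d stored=%zu name=%s\n", n, strlen(name), name);
  printf("fits=%d\n", byref_name_fits(name, sizeof(name), 2, long_decl));
  return 0;
}
```
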
