[llvm-commits] [llvm] r68303 - /llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h

Bill Wendling isanbard at gmail.com
Wed Apr 1 23:45:20 PDT 2009 

Author: void
Date: Thu Apr  2 01:45:19 2009
New Revision: 68303

URL: http://llvm.org/viewvc/llvm-project?rev=68303&view=rev
Log:
--- Merging (from foreign repository) r68277 into '.':
U    include/llvm/ADT/SmallVector.h

fix overflow checks in SmallVector:

"The code was doing "if (End+NumInputs > Capacity) ...". If End is
close to 0xFFFFFFFF and NumInputs is large, it'll overflow, the
condition will come out false, and the vector won't grow to
accommodate the new elements, and the program will crash in memmove."

Patch by Jeffrey Yasskin!

Modified:
    llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h

Modified: llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h
URL: http://llvm.org/viewvc/llvm-project/llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h?rev=68303&r1=68302&r2=68303&view=diff

==============================================================================
--- llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h (original)
+++ llvm/branches/Apple/Dib/include/llvm/ADT/SmallVector.h Thu Apr  2 01:45:19 2009
@@ -210,7 +210,7 @@
   void append(in_iter in_start, in_iter in_end) {
     size_type NumInputs = std::distance(in_start, in_end);
     // Grow allocated space if needed.
-    if (End+NumInputs > Capacity)
+    if (NumInputs > size_type(Capacity-End))
       grow(size()+NumInputs);
 
     // Copy the new elements over.
@@ -222,7 +222,7 @@
   ///
   void append(size_type NumInputs, const T &Elt) {
     // Grow allocated space if needed.
-    if (End+NumInputs > Capacity)
+    if (NumInputs > size_type(Capacity-End))
       grow(size()+NumInputs);
 
     // Copy the new elements over.
@@ -454,9 +454,9 @@
     std::swap(Capacity, RHS.Capacity);
     return;
   }
-  if (Begin+RHS.size() > Capacity)
+  if (RHS.size() > size_type(Capacity-Begin))
     grow(RHS.size());
-  if (RHS.begin()+size() > RHS.Capacity)
+  if (size() > size_type(RHS.Capacity-RHS.begin()))
     RHS.grow(size());
 
   // Swap the shared elements.

More information about the llvm-commits mailing list