[llvm-commits] [llvm] r107200 - /llvm/trunk/include/llvm/ADT/SmallPtrSet.h

[Duncan Sands]

Author: baldrick
Date: Tue Jun 29 15:12:02 2010
New Revision: 107200

URL: http://llvm.org/viewvc/llvm-project?rev=107200&view=rev
Log:
Fix a buffer overflow noticed by gcc-4.6: zero is written into
SmallArray[SmallSize] in the SmallPtrSetIteratorImpl, and this is
one off the end of the array.  For those who care, right now gcc
warns about writing off the end because it is confused about the
declaration of SmallArray as having length 1 in the parent class
SmallPtrSetIteratorImpl.  However if you tweak code to unconfuse
it, then it still warns about writing off the end of the array,
because of this buffer overflow.  In short, even with this fix
gcc-4.6 will warn about writing off the end of the array, but now
that is only because it is confused.

Modified:
    llvm/trunk/include/llvm/ADT/SmallPtrSet.h

Modified: llvm/trunk/include/llvm/ADT/SmallPtrSet.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ADT/SmallPtrSet.h?rev=107200&r1=107199&r2=107200&view=diff
==============================================================================
--- llvm/trunk/include/llvm/ADT/SmallPtrSet.h (original)
+++ llvm/trunk/include/llvm/ADT/SmallPtrSet.h Tue Jun 29 15:12:02 2010
@@ -233,7 +233,7 @@
 class SmallPtrSet : public SmallPtrSetImpl {
   // Make sure that SmallSize is a power of two, round up if not.
   enum { SmallSizePowTwo = NextPowerOfTwo<SmallSize>::Val };
-  void *SmallArray[SmallSizePowTwo];
+  void *SmallArray[SmallSizePowTwo+1];
   typedef PointerLikeTypeTraits<PtrType> PtrTraits;
 public:
   SmallPtrSet() : SmallPtrSetImpl(SmallSizePowTwo) {}