[llvm] r243927 - [UB] Fix a nasty place where we would pass null pointers to memcpy.
Chandler Carruth
chandlerc at gmail.com
Mon Aug 3 17:44:08 PDT 2015
Author: chandlerc
Date: Mon Aug 3 19:44:07 2015
New Revision: 243927
URL: http://llvm.org/viewvc/llvm-project?rev=243927&view=rev
Log:
[UB] Fix a nasty place where we would pass null pointers to memcpy.
This happens to work, but is not guaranteed to work. Indeed, most memcpy
interfaces in Linux-land annotate these arguments as nonnull, and GCC
and LLVM both can and do optimized based upon that. When they do so,
they might legitimately have miscompiled code calling this routine with
two valid iterators, 'nullptr' and 'nullptr'. There was even code doing
precisely this because StringRef().begin() and StringRef().end() both
produce null pointers.
This was found by UBSan.
Modified:
llvm/trunk/include/llvm/ADT/SmallVector.h
Modified: llvm/trunk/include/llvm/ADT/SmallVector.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ADT/SmallVector.h?rev=243927&r1=243926&r2=243927&view=diff
==============================================================================
--- llvm/trunk/include/llvm/ADT/SmallVector.h (original)
+++ llvm/trunk/include/llvm/ADT/SmallVector.h Mon Aug 3 19:44:07 2015
@@ -315,8 +315,10 @@ protected:
T2>::value>::type * = nullptr) {
// Use memcpy for PODs iterated by pointers (which includes SmallVector
// iterators): std::uninitialized_copy optimizes to memmove, but we can
- // use memcpy here.
- memcpy(Dest, I, (E-I)*sizeof(T));
+ // use memcpy here. Note that I and E are iterators and thus might be
+ // invalid for memcpy if they are equal.
+ if (I != E)
+ memcpy(Dest, I, (E - I) * sizeof(T));
}
/// Double the size of the allocated memory, guaranteeing space for at
More information about the llvm-commits
mailing list