[cfe-commits] r50815 - /cfe/trunk/lib/AST/Expr.cpp
Ted Kremenek
kremenek at apple.com
Wed May 7 09:59:20 PDT 2008
On May 7, 2008, at 9:50 AM, Steve Naroff wrote:
>
> Fix off-by-one error.
>
> Modified:
> cfe/trunk/lib/AST/Expr.cpp
>
> Modified: cfe/trunk/lib/AST/Expr.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/Expr.cpp?rev=50815&r1=50814&r2=50815&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/AST/Expr.cpp (original)
> +++ cfe/trunk/lib/AST/Expr.cpp Wed May 7 11:50:14 2008
> @@ -1369,7 +1369,7 @@
> return reinterpret_cast<Stmt**>(&InitExprs[0]);
> }
> Stmt::child_iterator InitListExpr::child_end() {
> - return reinterpret_cast<Stmt**>(&InitExprs[getNumInits()]);
> + return reinterpret_cast<Stmt**>(&InitExprs[getNumInits()-1]);
> }
Hi Steve,
I'm not certain if this is correct. If getNumInits() is 0 then the
end will point to before the beginning. While the original code looks
like buffer overflow, you do want the end iterator to point to *after*
the last valid element:
return reinterpret_cast<Stmt**>(&InitExprs[0] + InitExprs.size());
(this of course is what you had before).
Ted
More information about the cfe-commits
mailing list