[cfe-commits] r81092 - /cfe/trunk/lib/Analysis/RegionStore.cpp
Ted Kremenek
kremenek at apple.com
Sat Sep 5 10:59:01 PDT 2009
Author: kremenek
Date: Sat Sep 5 12:59:01 2009
New Revision: 81092
URL: http://llvm.org/viewvc/llvm-project?rev=81092&view=rev
Log:
Fix buffer overflow reported in PR 4903.
Modified:
cfe/trunk/lib/Analysis/RegionStore.cpp
Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=81092&r1=81091&r2=81092&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
+++ cfe/trunk/lib/Analysis/RegionStore.cpp Sat Sep 5 12:59:01 2009
@@ -1010,11 +1010,14 @@
SVal Idx = R->getIndex();
if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
int64_t i = CI->getValue().getSExtValue();
- char c;
- if (i == Str->getByteLength())
- c = '\0';
- else
- c = Str->getStrData()[i];
+ int64_t byteLength = Str->getByteLength();
+ if (i > byteLength) {
+ // Buffer overflow checking in GRExprEngine should handle this case,
+ // but we shouldn't rely on it to not overflow here if that checking
+ // is disabled.
+ return UnknownVal();
+ }
+ char c = (i == byteLength) ? '\0' : Str->getStrData()[i];
return ValMgr.makeIntVal(c, getContext().CharTy);
}
}
More information about the cfe-commits
mailing list