[cfe-commits] r84980 - /cfe/trunk/lib/AST/ASTContext.cpp

Fariborz Jahanian fjahanian at apple.com
Fri Oct 23 17:10:58 PDT 2009


On Oct 23, 2009, at 5:06 PM, John McCall wrote:

> Fariborz Jahanian wrote:
>> Author: fjahanian
>> Date: Fri Oct 23 18:55:43 2009
>> New Revision: 84980
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=84980&view=rev
>> Log:
>> Fixes a buffer overflow problem which causes a crash
>> in a certain project. Need to have a permanent fix later
>> (FIXME added).
>>
>>
>> Modified:
>>    cfe/trunk/lib/AST/ASTContext.cpp
>>
>> Modified: cfe/trunk/lib/AST/ASTContext.cpp
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/ASTContext.cpp?rev=84980&r1=84979&r2=84980&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/lib/AST/ASTContext.cpp (original)
>> +++ cfe/trunk/lib/AST/ASTContext.cpp Fri Oct 23 18:55:43 2009
>> @@ -2855,8 +2855,10 @@
>>
>>   // FIXME: Move up
>>   static int UniqueBlockByRefTypeID = 0;
>> -  char Name[36];
>> +  // FIXME. This is error prone. Luckinly stack-canary stuff  
>> caught it.
>> +  char Name[128];
>>   sprintf(Name, "__Block_byref_%d_%s", ++UniqueBlockByRefTypeID,  
>> DeclName);
>> +  assert((strlen(Name) < sizeof(Name)) && "BuildByRefType - buffer  
>> overflow");
>>   RecordDecl *T;
>>   T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl,  
>> SourceLocation(),
>>                          &Idents.get(Name));
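Review bot: the new `assert((strlen(Name) < sizeof(Name)) && "BuildByRefType - buffer overflow")` runs only after `sprintf` has already written past the end of `Name` when the formatted string is too long, so by the time it fires the stack has been corrupted, and with NDEBUG the assert is compiled out and the overflow is silent; enlarging the buffer from 36 to 128 only moves the threshold, since `DeclName` is caller-controlled. Use the bounded form and check its return value before `Name` is used, e.g. `int N = snprintf(Name, sizeof(Name), "__Block_byref_%d_%s", ++UniqueBlockByRefTypeID, DeclName);` followed by `assert(N >= 0 && (size_t)N < sizeof(Name) && "BuildByRefType - buffer overflow");`, or build the name into an `llvm::SmallString` through `llvm::raw_svector_ostream` so there is no fixed limit at all. Also, "Luckinly" in the added comment should read "Luckily".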
>> @@ -2904,8 +2906,10 @@
>>   llvm::SmallVector<const Expr *, 8> &BlockDeclRefDecls) {
>>   // FIXME: Move up
>>   static int UniqueBlockParmTypeID = 0;
>> -  char Name[36];
>> +  // FIXME. This is error prone. Luckinly stack-canary stuff  
>> caught it.
>> +  char Name[128];
>>   sprintf(Name, "__block_literal_%u", ++UniqueBlockParmTypeID);
>> +  assert((strlen(Name) < sizeof(Name)) && "getBlockParmType -  
>> buffer overflow");
>>   RecordDecl *T;
>>   T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl,  
>> SourceLocation(),
>>                          &Idents.get(Name));
>>
>>
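Review bot: this site has no string argument, so `"__block_literal_%u"` expands to at most 16 characters plus the 10 digits of an unsigned int plus the NUL, 27 bytes, which already fit in the original `char Name[36]`; the larger buffer and the post-hoc assert change nothing here. What is worth fixing is that `UniqueBlockParmTypeID` is declared `static int` but printed with `%u`: use `%d` to match the declaration, as the first hunk does, and if the buffer stays fixed-size switch to `snprintf(Name, sizeof(Name), ...)` with a return-value check so both sites follow the same pattern.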
>
> It doesn't fix the problem properly, but snprintf() will at least never
> trash the stack, and the return value will still permit the assert.

Yes, FIXME makes this point.  I will shortly change it to alloca.

- Fariborz

>
>
> John.
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
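The pattern John describes, as an added example that is not code from the commit or from clang: the same fixed 128-byte buffer, but filled with a bounded snprintf() whose return value says whether the name fit, checked before the buffer is used and with no out-of-bounds write having happened first; a measuring call plus exact-size allocation is shown as the unlimited alternative. The function names, the NAME_BUF_SIZE macro, and the sample declaration names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: the fixed 128-byte buffer the patch chose, filled
   with snprintf() so that nothing past the buffer is ever written. */
#define NAME_BUF_SIZE 128

/* Format "__Block_byref_<id>_<decl_name>" into buf. Never writes more than
   buf_size bytes and always NUL-terminates when buf_size > 0. Returns the
   length the complete name needs (excluding the NUL), or a negative value
   on an encoding error; a result >= buf_size means the output was cut. */
int format_byref_name(char *buf, size_t buf_size, int id, const char *decl_name)
{
    return snprintf(buf, buf_size, "__Block_byref_%d_%s", id, decl_name);
}

/* The check the patch's assert was trying to make, done before the name
   is used and without any overflow having occurred first.
   Returns 1 when the name fits in a NAME_BUF_SIZE buffer, 0 otherwise. */
int byref_name_fits(int id, const char *decl_name)
{
    char name[NAME_BUF_SIZE];
    int needed = format_byref_name(name, sizeof name, id, decl_name);
    return needed >= 0 && (size_t)needed < sizeof name;
}

/* No fixed limit at all: measure with a zero-size snprintf(), then
   allocate exactly what is needed. Fariborz mentions alloca for the
   permanent fix; malloc is used here so the result can be returned to
   the caller, who frees it. Returns NULL on encoding or allocation failure. */
char *alloc_byref_name(int id, const char *decl_name)
{
    int needed = snprintf(NULL, 0, "__Block_byref_%d_%s", id, decl_name);
    if (needed < 0)
        return NULL;
    size_t size = (size_t)needed + 1;
    char *out = malloc(size);
    if (out == NULL)
        return NULL;
    snprintf(out, size, "__Block_byref_%d_%s", id, decl_name);
    return out;
}

int main(void)
{
    /* Constructed inputs: a short declaration name and one long enough
       to exceed the patch's 128-byte buffer. */
    char long_name[150];
    memset(long_name, 'x', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    printf("short name fits: %d\n", byref_name_fits(1, "myVar"));
    printf("long name fits:  %d\n", byref_name_fits(2, long_name));

    char *heap = alloc_byref_name(3, long_name);
    if (heap != NULL) {
        printf("heap-built name length: %zu\n", strlen(heap));
        free(heap);
    }
    return 0;
}
```

The difference from the patch is where the check happens: snprintf() reports the needed length without touching memory beyond `sizeof name`, so the caller can refuse or fall back before anything is corrupted, and the check survives NDEBUG because it is ordinary control flow rather than an assert.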
