[clang] [NFC][Clang] Fix potential deref of end iterator (PR #70193)

Nathan Gauër via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 25 03:57:33 PDT 2023


https://github.com/Keenuts created https://github.com/llvm/llvm-project/pull/70193

This was found by doing bound-checking on SmallVector iterator usage. When the count is 0, the end iterator is dereferenced to get its address. This doesn't seem to be an issue in practice as most of the time, and we are allowed to deref this address, but I don't think this is correct.

From cde1bc9613fa384e4355d39ea29b705b1140dc83 Mon Sep 17 00:00:00 2001
From: Nathan Gauër <brioche at google.com>
Date: Wed, 25 Oct 2023 12:40:22 +0200
Subject: [PATCH] [NFC][Clang] Fix potential deref of end iterator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was found by doing bound-checking on SmallVector iterator usage.
When the count is 0, the end iterator is dereferenced to get its
address. This doesn't seem to be an issue in practice as most of the
time, and we are allowed to deref this address, but I don't think
this is correct.

Signed-off-by: Nathan Gauër <brioche at google.com>
---
 clang/include/clang/Sema/CXXFieldCollector.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang/include/clang/Sema/CXXFieldCollector.h b/clang/include/clang/Sema/CXXFieldCollector.h
index f6ecd9f46e5ebdb..ce066581c93fda7 100644
--- a/clang/include/clang/Sema/CXXFieldCollector.h
+++ b/clang/include/clang/Sema/CXXFieldCollector.h
@@ -65,7 +65,7 @@ class CXXFieldCollector {
 
   /// getCurFields - Pointer to array of fields added to the currently parsed
   /// class.
-  FieldDecl **getCurFields() { return &*(Fields.end() - getCurNumFields()); }
+  FieldDecl **getCurFields() { return Fields.end() - getCurNumFields(); }
 
   /// FinishClass - Called by Sema::ActOnFinishCXXClassDef.
   void FinishClass() {
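Review bot: The new `getCurFields()` body relies on `SmallVectorImpl<T>::iterator` being a plain `T*`, which is why `Fields.end() - getCurNumFields()` converts to `FieldDecl **` without a cast; the old `&*(...)` was the only thing that would have kept this compiling if the iterator ever became a class type. That is fine for today's SmallVector, but the fix would be more robust as `Fields.data() + Fields.size() - getCurNumFields()`, which spells out the pointer arithmetic and does not depend on the iterator type. Either way, the doc comment above the function should state that when `getCurNumFields()` is 0 the returned pointer equals `end()` and must not be dereferenced, since callers now receive a one-past-the-end pointer in exactly the case this change was made for.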
