[llvm-branch-commits] [llvm-gcc-branch] r74061 - /llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp

Bill Wendling isanbard at gmail.com
Tue Jun 23 22:12:53 PDT 2009 

Author: void
Date: Wed Jun 24 00:12:53 2009
New Revision: 74061

URL: http://llvm.org/viewvc/llvm-project?rev=74061&view=rev
Log:
--- Merging r74056 into '.':
U    gcc/llvm-convert.cpp

Fix an array over-read problem that would sometimes manifest as a crash (when overreading
a string would point to invalid data.  The issue here is that TREE_STRING_LENGTH returns
the length in bytes of a string, not in characters.  This is different for a wide string.

In cases when this didn't crash, this bug would not manifest as a codegen problem, because
the code right below the overread would trim the length of the generated vector to the 
right length.

This fixes rdar://6961178

Modified:
    llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp

Modified: llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp?rev=74061&r1=74060&r2=74061&view=diff

==============================================================================
--- llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp (original)
+++ llvm-gcc-4.2/branches/Apple/Bender/gcc/llvm-convert.cpp Wed Jun 24 00:12:53 2009
@@ -6544,13 +6544,17 @@
     for (unsigned i = 0; i != Len; ++i)
       Elts.push_back(ConstantInt::get(Type::Int8Ty, InStr[i]));
   } else if (ElTy == Type::Int16Ty) {
+    assert((Len&1) == 0 &&
+           "Length in bytes should be a multiple of element size");
     const unsigned short *InStr =
       (const unsigned short *)TREE_STRING_POINTER(exp);
-    for (unsigned i = 0; i != Len; ++i)
+    for (unsigned i = 0; i != Len/2; ++i)
       Elts.push_back(ConstantInt::get(Type::Int16Ty, InStr[i]));
   } else if (ElTy == Type::Int32Ty) {
+    assert((Len&3) == 0 &&
+           "Length in bytes should be a multiple of element size");
     const unsigned *InStr = (const unsigned *)TREE_STRING_POINTER(exp);
-    for (unsigned i = 0; i != Len; ++i)
+    for (unsigned i = 0; i != Len/4; ++i)
       Elts.push_back(ConstantInt::get(Type::Int32Ty, InStr[i]));
   } else {
     assert(0 && "Unknown character type!");

More information about the llvm-branch-commits mailing list