[llvm-branch-commits] [llvm-branch] r244224 - Merging r243927, r243932, and r243934:

Hans Wennborg via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Thu Aug 6 09:02:17 PDT 2015


Author: hans
Date: Thu Aug  6 11:02:17 2015
New Revision: 244224

URL: http://llvm.org/viewvc/llvm-project?rev=244224&view=rev
Log:
Merging r243927, r243932, and r243934:
------------------------------------------------------------------------
r243927 | chandlerc | 2015-08-03 17:44:07 -0700 (Mon, 03 Aug 2015) | 11 lines

[UB] Fix a nasty place where we would pass null pointers to memcpy.

This happens to work, but is not guaranteed to work. Indeed, most memcpy
interfaces in Linux-land annotate these arguments as nonnull, and GCC
and LLVM both can and do optimize based upon that. When they do so,
they might legitimately have miscompiled code calling this routine with
two valid iterators, 'nullptr' and 'nullptr'. There was even code doing
precisely this because StringRef().begin() and StringRef().end() both
produce null pointers.

This was found by UBSan.
------------------------------------------------------------------------

------------------------------------------------------------------------
r243932 | chandlerc | 2015-08-03 17:53:01 -0700 (Mon, 03 Aug 2015) | 3 lines

[UB] Fix another place where we would pass a null pointer to memcpy.

This too was found by UBSan. Down to 35 failures for me.
------------------------------------------------------------------------

------------------------------------------------------------------------
r243934 | chandlerc | 2015-08-03 18:00:56 -0700 (Mon, 03 Aug 2015) | 4 lines

[UB] Fix yet another use of memcpy with a null pointer argument. I think
this is the last of them in my build of LLVM. Haven't tried Clang yet.

Found via UBSan.
------------------------------------------------------------------------

Modified:
    llvm/branches/release_37/   (props changed)
    llvm/branches/release_37/include/llvm/ADT/SmallVector.h
    llvm/branches/release_37/include/llvm/ADT/StringMap.h
    llvm/branches/release_37/lib/Support/MemoryBuffer.cpp

Propchange: llvm/branches/release_37/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug  6 11:02:17 2015
@@ -1,3 +1,3 @@
 /llvm/branches/Apple/Pertwee:110850,110961
 /llvm/branches/type-system-rewrite:133420-134817
-/llvm/trunk:155241,242236,242239,242281,242288,242296,242331,242341,242410,242412,242433-242434,242442,242543,242673,242680,242706,242721-242722,242733-242735,242742,242869,242919,242993,243001,243057,243116,243263,243294,243361,243469,243485,243500,243519,243531,243589,243609,243636,243638-243640,243745,243898,243984,243986,244058
+/llvm/trunk:155241,242236,242239,242281,242288,242296,242331,242341,242410,242412,242433-242434,242442,242543,242673,242680,242706,242721-242722,242733-242735,242742,242869,242919,242993,243001,243057,243116,243263,243294,243361,243469,243485,243500,243519,243531,243589,243609,243636,243638-243640,243745,243898,243927,243932,243934,243984,243986,244058

Modified: llvm/branches/release_37/include/llvm/ADT/SmallVector.h
URL: http://llvm.org/viewvc/llvm-project/llvm/branches/release_37/include/llvm/ADT/SmallVector.h?rev=244224&r1=244223&r2=244224&view=diff
==============================================================================
--- llvm/branches/release_37/include/llvm/ADT/SmallVector.h (original)
+++ llvm/branches/release_37/include/llvm/ADT/SmallVector.h Thu Aug  6 11:02:17 2015
@@ -315,8 +315,10 @@ protected:
                                            T2>::value>::type * = nullptr) {
     // Use memcpy for PODs iterated by pointers (which includes SmallVector
     // iterators): std::uninitialized_copy optimizes to memmove, but we can
-    // use memcpy here.
-    memcpy(Dest, I, (E-I)*sizeof(T));
+    // use memcpy here. Note that I and E are iterators and thus might be
+    // invalid for memcpy if they are equal.
+    if (I != E)
+      memcpy(Dest, I, (E - I) * sizeof(T));
   }
 
   /// Double the size of the allocated memory, guaranteeing space for at
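Review bot: The new comment above `if (I != E)` says the iterators "might be invalid for memcpy if they are equal", which does not tell the next reader what the actual hazard is. The log message has the concrete case: an empty range can be two null pointers (StringRef().begin() and StringRef().end()), and memcpy's pointer arguments are treated as nonnull even when the length is zero. I would put that in the comment, for example "I and E may both be null for an empty range, and memcpy must not be passed a null pointer even with a zero length". The guard only covers the source side; Dest is assumed valid whenever the range is non-empty, which is worth stating in the same comment.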

Modified: llvm/branches/release_37/include/llvm/ADT/StringMap.h
URL: http://llvm.org/viewvc/llvm-project/llvm/branches/release_37/include/llvm/ADT/StringMap.h?rev=244224&r1=244223&r2=244224&view=diff
==============================================================================
--- llvm/branches/release_37/include/llvm/ADT/StringMap.h (original)
+++ llvm/branches/release_37/include/llvm/ADT/StringMap.h Thu Aug  6 11:02:17 2015
@@ -158,7 +158,8 @@ public:
 
     // Copy the string information.
     char *StrBuffer = const_cast<char*>(NewItem->getKeyData());
-    memcpy(StrBuffer, Key.data(), KeyLength);
+    if (KeyLength > 0)
+      memcpy(StrBuffer, Key.data(), KeyLength);
     StrBuffer[KeyLength] = 0;  // Null terminate for convenience of clients.
     return NewItem;
   }
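Review bot: The `if (KeyLength > 0)` guard has no comment, unlike the SmallVector.h hunk, and a zero-length memcpy looks harmless enough that someone may later remove the check as redundant. A one-line comment saying that Key.data() can be null for an empty key, and that memcpy must not receive a null pointer regardless of length, would prevent that. The guard tests the length while the hazard is the pointer; that is fine as long as a null data() only occurs with a zero length, and the comment should say so.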

Modified: llvm/branches/release_37/lib/Support/MemoryBuffer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/branches/release_37/lib/Support/MemoryBuffer.cpp?rev=244224&r1=244223&r2=244224&view=diff
==============================================================================
--- llvm/branches/release_37/lib/Support/MemoryBuffer.cpp (original)
+++ llvm/branches/release_37/lib/Support/MemoryBuffer.cpp Thu Aug  6 11:02:17 2015
@@ -57,7 +57,8 @@ void MemoryBuffer::init(const char *BufS
 /// CopyStringRef - Copies contents of a StringRef into a block of memory and
 /// null-terminates it.
 static void CopyStringRef(char *Memory, StringRef Data) {
-  memcpy(Memory, Data.data(), Data.size());
+  if (!Data.empty())
+    memcpy(Memory, Data.data(), Data.size());
   Memory[Data.size()] = 0; // Null terminate string.
 }
 
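Review bot: This is the third spelling of the same guard in one merge (`I != E` in SmallVector.h, `KeyLength > 0` in StringMap.h, `!Data.empty()` here), and this one also lacks a comment explaining why a zero-length copy is skipped. Using one form throughout, or a small shared helper that skips the call for empty input, would make the remaining call sites easier to audit and harder to get wrong again. The list of modified files contains no test; a unit test that copies an empty StringRef through this path would keep the fix pinned under UBSan.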



