[LLVMbugs] Fix for heap corruption bug

Argiris Kirtzidis akyrtzi at gmail.com
Sat Feb 23 02:44:49 PST 2008


The attached patch fixes a very small bug:

  if (!cstr)
    cstr = new char[len + (isNullTerm ? 1 : 0)];
  assert (cstr != NULL);
  for (unsigned i = 0; i < len; ++i)
    cstr[i] = (char) ReadInt();
  if (isNullTerm)
    cstr[len+1] = '\0';

"cstr[len+1] = '\0';" writes one byte after the reserved block of 
memory; msvcrt was kind enough to report it with a "heap corruption" 
error ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: heap-fix.zip
Type: application/octet-stream
Size: 318 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20080223/f8109674/attachment.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: heap-fix.patch
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20080223/f8109674/attachment.ksh>
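
An added example, not part of the original message or the attached patch: the quoted loop is run inside a padded arena so the store at `len+1` lands on a guard byte instead of the real heap, and is compared with a store at `len`. `ByteSource`, `read_cstr`, the `fixed` flag and the fill values are constructed for this illustration; writing the terminator at `cstr[len]` is assumed to be the correction, since the patch itself is not shown on the page.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed stand-in for the deserializer's ReadInt(): yields input bytes.
struct ByteSource {
    const char* data;
    std::size_t pos;
    int ReadInt() { return static_cast<unsigned char>(data[pos++]); }
};

constexpr unsigned char kGuard = 0xFD;  // constructed guard value, any distinctive byte works
constexpr std::size_t kGuardLen = 4;    // guard bytes placed after the requested block

struct Result {
    bool guard_intact;  // false: a store landed past the requested block
    bool terminated;    // true: cstr[len] holds '\0'
};

// Same allocation size and loop as in the post, but the block sits inside a
// larger arena so the out-of-bounds store is observable and harmless here.
Result read_cstr(const char* input, unsigned len, bool isNullTerm, bool fixed) {
    const std::size_t requested = len + (isNullTerm ? 1 : 0);
    std::vector<unsigned char> arena(requested + kGuardLen, kGuard);
    char* cstr = reinterpret_cast<char*>(arena.data());
    if (requested) std::memset(cstr, 0xCD, requested);  // mark block as uninitialised
    ByteSource src{input, 0};
    for (unsigned i = 0; i < len; ++i)
        cstr[i] = static_cast<char>(src.ReadInt());
    if (isNullTerm)
        cstr[fixed ? len : len + 1] = '\0';  // len + 1 is the line quoted in the post
    Result r{true, isNullTerm && cstr[len] == '\0'};
    for (std::size_t i = 0; i < kGuardLen; ++i)
        if (arena[requested + i] != kGuard) r.guard_intact = false;
    return r;
}

int main() {
    Result bad = read_cstr("abc", 3, true, false);
    Result good = read_cstr("abc", 3, true, true);
    std::printf("len+1: guard_intact=%d terminated=%d\n", bad.guard_intact, bad.terminated);
    std::printf("len:   guard_intact=%d terminated=%d\n", good.guard_intact, good.terminated);
    return 0;
}
```

The `len+1` variant fails twice: the guard byte after the block is overwritten, and `cstr[len]` is never written, so the string is left unterminated.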
