[LLVMbugs] Fix for heap corruption bug
Ted Kremenek
kremenek at apple.com
Fri Feb 22 17:10:59 PST 2008
Fixed. Thanks!
On Feb 23, 2008, at 2:44 AM, Argiris Kirtzidis wrote:
> Hi,
>
> The attached patch fixes a very small bug:
>
> ---------------------------------------
> if (!cstr)
>   cstr = new char[len + (isNullTerm ? 1 : 0)];
> assert (cstr != NULL);
> for (unsigned i = 0; i < len; ++i)
>   cstr[i] = (char) ReadInt();
> if (isNullTerm)
>   cstr[len+1] = '\0';
> ---------------------------------------
>
> "cstr[len+1] = '\0';" writes one byte after the reserved block of
> memory; msvcrt was kind enough to report it with a "heap corruption"
> error ;)
>
>
> <heap-fix.zip>Index: lib/Bitcode/Reader/Deserialize.cpp
> ===================================================================
> --- lib/Bitcode/Reader/Deserialize.cpp (revision 47480)
> +++ lib/Bitcode/Reader/Deserialize.cpp (working copy)
> @@ -324,7 +324,7 @@
> cstr[i] = (char) ReadInt();
>
> if (isNullTerm)
> - cstr[len+1] = '\0';
> + cstr[len] = '\0';
>
> return cstr;
> }
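Review bot: at `cstr[len] = '\0';` the index now matches the `len + (isNullTerm ? 1 : 0)` allocation quoted in the excerpt above, but that guarantee only covers the path where this function allocates the buffer itself. When the caller passes a non-null `cstr`, nothing in the visible code checks that the buffer holds `len + 1` bytes, so the terminator write can still land one byte past a caller buffer sized for `len`. Suggest documenting the required capacity on the declaration, or taking a buffer-size parameter and checking it before the read loop. A round-trip test for a null-terminated string run under a heap checker would also catch this class of off-by-one on platforms whose allocator does not report it.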