[llvm-commits] Fix for overflow in SmallVector

Jeffrey Yasskin jyasskin at google.com
Wed Apr 1 19:01:22 PDT 2009


The code was doing "if (End+NumInputs > Capacity) ...". If End is
close to 0xFFFFFFFF and NumInputs is large, it'll overflow, the
condition will come out false, and the vector won't grow to
accommodate the new elements, and the program will crash in memmove.
To my amazement, this actually crashed our buildbot. I think I got all
of the examples of this mistake, but I may have missed some if they
weren't spelled "Capacity".

make -C test isn't entirely happy with me in FrontendC, FrontendC++,
and FrontendFortran, but that could be because I'm using a 2.5 build
of llvm-gcc and not a trunk build.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: small_vector_overflow.patch
Type: application/octet-stream
Size: 1134 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20090401/51222924/attachment.obj>
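The wraparound described in the message, shown next to one overflow-free way to write the same check. This is an added example, not the contents of the attached patch and not LLVM's code. The `Buf` struct, the function names and the address values are constructed for illustration, and addresses are modelled as 32-bit integers with one-byte elements so the behaviour reproduces on any host.

```cpp
#include <cstdint>
#include <cstdio>

// Addresses modelled as 32-bit unsigned integers (assumption): real pointer
// arithmetic past the end of an object is undefined behaviour, so the wrap
// is reproduced here with well-defined unsigned arithmetic instead.
using Addr = std::uint32_t;

// Hypothetical stand-in for a vector's Begin/End/Capacity pointers.
struct Buf {
    Addr Begin, End, Capacity;
};

// The check as quoted in the message: End + NumInputs can wrap past zero,
// making the sum small and the comparison false.
bool needsGrowUnsafe(const Buf &B, Addr NumInputs) {
    return static_cast<Addr>(B.End + NumInputs) > B.Capacity;
}

// Overflow-free form: compare the request against the remaining room.
// Capacity >= End is an invariant, so the subtraction cannot wrap.
bool needsGrowSafe(const Buf &B, Addr NumInputs) {
    return NumInputs > static_cast<Addr>(B.Capacity - B.End);
}

// Constructed sample: a buffer near the top of a 32-bit address space
// with 0x80 bytes of spare capacity.
Buf sampleBuf() {
    return Buf{0xFFFFF000u, 0xFFFFFF00u, 0xFFFFFF80u};
}

int main() {
    const Buf B = sampleBuf();
    const Addr Requests[] = {0x40u, 0x80u, 0x81u, 0x200u};
    for (Addr N : Requests) {
        std::printf("NumInputs=0x%03x unsafe=%d safe=%d\n",
                    static_cast<unsigned>(N),
                    needsGrowUnsafe(B, N), needsGrowSafe(B, N));
    }
    return 0;
}
```

The two checks agree until `End + NumInputs` crosses the top of the address space; at `NumInputs = 0x200` the sum wraps to `0x100`, the unsafe check reports that no growth is needed, and a subsequent copy would write past `Capacity`.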

