Fix buffer overflow reported in PR 4903.

llvm-svn: 81092
Ted Kremenek 2009-09-05 17:59:01 +00:00
parent 25900fc909
commit b5850f9c80
1 changed files with 8 additions and 5 deletions


@ -1010,11 +1010,14 @@ SVal RegionStoreManager::RetrieveElement(const GRState* state,
SVal Idx = R->getIndex();
if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
int64_t i = CI->getValue().getSExtValue();
char c;
if (i == Str->getByteLength())
c = '\0';
else
c = Str->getStrData()[i];
int64_t byteLength = Str->getByteLength();
if (i > byteLength) {
// Buffer overflow checking in GRExprEngine should handle this case,
// but we shouldn't rely on it to not overflow here if that checking
// is disabled.
return UnknownVal();
}
char c = (i == byteLength) ? '\0' : Str->getStrData()[i];
return ValMgr.makeIntVal(c, getContext().CharTy);
}
}
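Review bot: The added guard `if (i > byteLength)` bounds only the upper end, so a negative index is not rejected. `i` is a signed `int64_t` taken from `getSExtValue()`, so a negative concrete index would still reach `Str->getStrData()[i]` and read before the string data. If such an index can arrive here when the GRExprEngine bounds checking named in the comment is disabled, the guard should be `if (i < 0 || i > byteLength) {`, with the comment extended to say it covers underrun as well as overrun. `RetrieveElement` begins and ends outside this hunk, so an earlier check on the index sign cannot be ruled out from here.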