From d112b820662286d6e07ee3913848e037905642ed Mon Sep 17 00:00:00 2001 From: NAKAMURA Takumi <geek4civic@gmail.com> Date: Wed, 30 Apr 2014 09:33:50 +0000 Subject: [PATCH] raw_ostream::operator<<(StringRef): Avoid potential overflow in pointer arithmetic. (OutBufCur + Size) might overflow if Size were large. For example on i686-linux, OutBufCur: 0xFFFDF27D OutBufEnd: 0xFFFDF370 Size: 0x0002BF20 (180,000) It caused flaky error in MC/COFF/section-name-encoding.s. llvm-svn: 207621 --- llvm/include/llvm/Support/raw_ostream.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/llvm/include/llvm/Support/raw_ostream.h b/llvm/include/llvm/Support/raw_ostream.h index 94e4b19b7afc..34fbe082cda8 100644 --- a/llvm/include/llvm/Support/raw_ostream.h +++ b/llvm/include/llvm/Support/raw_ostream.h @@ -162,7 +162,7 @@ public: size_t Size = Str.size(); // Make sure we can use the fast path. - if (OutBufCur+Size > OutBufEnd) + if (Size > (size_t)(OutBufEnd - OutBufCur)) return write(Str.data(), Size); memcpy(OutBufCur, Str.data(), Size);