From d112b820662286d6e07ee3913848e037905642ed Mon Sep 17 00:00:00 2001
From: NAKAMURA Takumi <geek4civic@gmail.com>
Date: Wed, 30 Apr 2014 09:33:50 +0000
Subject: [PATCH] raw_ostream::operator<<(StringRef): Avoid potential overflow
 in pointer arithmetic.

(OutBufCur + Size) might overflow if Size were large. For example on i686-linux,

  OutBufCur: 0xFFFDF27D
  OutBufEnd: 0xFFFDF370
  Size:      0x0002BF20 (180,000)

It caused flaky error in MC/COFF/section-name-encoding.s.

llvm-svn: 207621
---
 llvm/include/llvm/Support/raw_ostream.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llvm/include/llvm/Support/raw_ostream.h b/llvm/include/llvm/Support/raw_ostream.h
index 94e4b19b7afc..34fbe082cda8 100644
--- a/llvm/include/llvm/Support/raw_ostream.h
+++ b/llvm/include/llvm/Support/raw_ostream.h
@@ -162,7 +162,7 @@ public:
     size_t Size = Str.size();
 
     // Make sure we can use the fast path.
-    if (OutBufCur+Size > OutBufEnd)
+    if (Size > (size_t)(OutBufEnd - OutBufCur))
       return write(Str.data(), Size);
 
     memcpy(OutBufCur, Str.data(), Size);