Author: chandlerc Date: Mon Aug 3 22:52:56 2015 New Revision: 243946 URL: http://llvm.org/viewvc/llvm-project?rev=243946&view=rev Log: [UB] Fix the two ways that we would try to memcpy from a null buffer in the nested name specifier code.
First, skip the entire thing when the input is empty. Next, handle the case where we started off with a null buffer and a zero capacity to skip copying and freeing. This was found with UBSan.
Modified: cfe/trunk/lib/AST/NestedNameSpecifier.cpp
Modified: cfe/trunk/lib/AST/NestedNameSpecifier.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/NestedNameSpecifier.cpp?rev=243946&r1=243945&r2=243946&view=diff
==============================================================================
--- cfe/trunk/lib/AST/NestedNameSpecifier.cpp (original)
+++ cfe/trunk/lib/AST/NestedNameSpecifier.cpp Mon Aug 3 22:52:56 2015
@@ -435,17 +435,19 @@ TypeLoc NestedNameSpecifierLoc::getTypeL
 namespace {
   void Append(char *Start, char *End, char *&Buffer, unsigned &BufferSize,
               unsigned &BufferCapacity) {
+    if (Start == End)
+      return;
+
     if (BufferSize + (End - Start) > BufferCapacity) {
       // Reallocate the buffer.
-      unsigned NewCapacity
-      = std::max((unsigned)(BufferCapacity? BufferCapacity * 2
-                            : sizeof(void*) * 2),
-                 (unsigned)(BufferSize + (End - Start)));
+      unsigned NewCapacity = std::max(
+          (unsigned)(BufferCapacity ? BufferCapacity * 2 : sizeof(void *) * 2),
+          (unsigned)(BufferSize + (End - Start)));
       char *NewBuffer = static_cast<char *>(malloc(NewCapacity));
-      memcpy(NewBuffer, Buffer, BufferSize);
-
-      if (BufferCapacity)
+      if (BufferCapacity) {
+        memcpy(NewBuffer, Buffer, BufferSize);
         free(Buffer);
+      }
       Buffer = NewBuffer;
       BufferCapacity = NewCapacity;
     }
_______________________________________________
cfe-commits mailing list
cfe-commits@cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
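Review bot: The new `if (BufferCapacity) { memcpy(NewBuffer, Buffer, BufferSize); free(Buffer); }` block makes the copy of the old contents conditional on BufferCapacity, but the UB being fixed is the null-Buffer case and a zero capacity is not the same condition: if any caller hands in a non-null, non-owned Buffer with BufferSize > 0 and BufferCapacity == 0 (the pre-existing `if (BufferCapacity) free(Buffer);` suggests "capacity 0" means "not owned", not "empty"), the existing bytes are now silently dropped before the append. Keying the copy on the pointer and the free on ownership covers both cases: `if (Buffer) memcpy(NewBuffer, Buffer, BufferSize);` followed by `if (BufferCapacity) free(Buffer);`. Separately, the `malloc` result on the preceding context line is still passed to memcpy unchecked, so an allocation failure remains a write through a null pointer; that is pre-existing, but an `assert(NewBuffer && "allocation failed")` or an explicit failure path would make it visible. Append's body continues past the end of the hunk, so the final memcpy into Buffer is not visible here.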