https://github.com/Keenuts created https://github.com/llvm/llvm-project/pull/70193
This was found by doing bound-checking on SmallVector iterator usage. When the count is 0, the end iterator is dereferenced to get its address. This doesn't seem to be an issue in practice as, most of the time, we are allowed to deref this address, but I don't think this is correct.

From cde1bc9613fa384e4355d39ea29b705b1140dc83 Mon Sep 17 00:00:00 2001
From: Nathan Gauër <brio...@google.com>
Date: Wed, 25 Oct 2023 12:40:22 +0200
Subject: [PATCH] [NFC][Clang] Fix potential deref of end iterator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was found by doing bound-checking on SmallVector iterator usage. When the count is 0, the end iterator is dereferenced to get its address. This doesn't seem to be an issue in practice as, most of the time, we are allowed to deref this address, but I don't think this is correct.

Signed-off-by: Nathan Gauër <brio...@google.com>
---
 clang/include/clang/Sema/CXXFieldCollector.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang/include/clang/Sema/CXXFieldCollector.h b/clang/include/clang/Sema/CXXFieldCollector.h index f6ecd9f46e5ebdb..ce066581c93fda7 100644 --- a/clang/include/clang/Sema/CXXFieldCollector.h +++ b/clang/include/clang/Sema/CXXFieldCollector.h @@ -65,7 +65,7 @@ class CXXFieldCollector { /// getCurFields - Pointer to array of fields added to the currently parsed /// class. - FieldDecl **getCurFields() { return &*(Fields.end() - getCurNumFields()); } + FieldDecl **getCurFields() { return Fields.end() - getCurNumFields(); } /// FinishClass - Called by Sema::ActOnFinishCXXClassDef. void FinishClass() {

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
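Review bot: the new line `return Fields.end() - getCurNumFields();` only type-checks because the iterator returned by `Fields.end()` converts to the `FieldDecl **` return type, i.e. it is a raw pointer; a one-line comment in the header saying so would keep a future change of the container or iterator type from silently reintroducing an `&*` dereference. The old `&*(Fields.end() - getCurNumFields())` evaluated `*Fields.end()` whenever `getCurNumFields()` is 0, which is undefined behaviour even though no byte is read, so the commit message could state that outright instead of "doesn't seem to be an issue in practice"; `end() - N` for `0 <= N <= size()` is the well-defined form, and an `assert(getCurNumFields() <= Fields.size())` next to it would document the remaining precondition.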
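The failure the PR describes, as an added example that is not part of the original post or of Clang's code: a small bounds-checked iterator stand-in (hypothetical `CheckedIter`, `FieldCollector` and `FieldDecl` types, modelled on the iterator checking the author mentions) that throws when the end iterator is dereferenced, with the pre-patch and post-patch spellings of getCurFields() side by side, driven on a constructed outer class plus a nested class with zero fields.

```cpp
// Added example, not Clang's code. CheckedIter, FieldCollector and FieldDecl
// are hypothetical stand-ins modelled on SmallVector<FieldDecl*> and
// clang::CXXFieldCollector.
#include <cstddef>
#include <stdexcept>
#include <vector>

struct FieldDecl { int Id; };  // stand-in for clang::FieldDecl

// Random-access iterator over FieldDecl* that knows the bounds of its buffer.
// operator* throws when the iterator is at end(), which is exactly what
// &*end() does; arithmetic that stays inside [begin, end] is allowed, and the
// iterator converts implicitly to the raw pointer, like a T* iterator would.
class CheckedIter {
  FieldDecl **Ptr, **Begin, **End;
public:
  CheckedIter(FieldDecl **P, FieldDecl **B, FieldDecl **E)
      : Ptr(P), Begin(B), End(E) {}
  FieldDecl *&operator*() const {
    if (Ptr < Begin || Ptr >= End)
      throw std::out_of_range("dereference of end() or out-of-range iterator");
    return *Ptr;
  }
  CheckedIter operator-(std::size_t N) const {
    if (N > static_cast<std::size_t>(Ptr - Begin))
      throw std::out_of_range("iterator moved before begin()");
    return CheckedIter(Ptr - N, Begin, End);
  }
  operator FieldDecl **() const { return Ptr; }
};

// Mirrors CXXFieldCollector: one flat array of fields for all classes being
// parsed plus a stack of per-class counts; the current class's fields are
// the last getCurNumFields() entries of the array.
class FieldCollector {
  std::vector<FieldDecl *> Fields;
  std::vector<std::size_t> FieldCount;
public:
  void StartClass() { FieldCount.push_back(0); }
  void Add(FieldDecl *D) { Fields.push_back(D); ++FieldCount.back(); }
  std::size_t getCurNumFields() const { return FieldCount.back(); }
  CheckedIter end() {
    FieldDecl **B = Fields.data();
    return CheckedIter(B + Fields.size(), B, B + Fields.size());
  }
  // Pre-patch spelling: takes the address through a dereference, so a class
  // with zero fields evaluates &*end() and trips the check.
  FieldDecl **getCurFieldsOld() { return &*(end() - getCurNumFields()); }
  // Post-patch spelling: pointer arithmetic only; end() - 0 is end(), a valid
  // past-the-end pointer that is never dereferenced here.
  FieldDecl **getCurFieldsNew() { return end() - getCurNumFields(); }
};

// Constructed input: eight stand-in field declarations, Id == index.
static FieldDecl Decls[8] = {{0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}};

// Parse an outer class with OuterFields fields, then a nested class with
// InnerFields fields, so the nested class owns the tail of the flat array
// (an empty tail when InnerFields == 0).
static void parseNested(FieldCollector &C, std::size_t OuterFields,
                        std::size_t InnerFields) {
  std::size_t Next = 0;
  C.StartClass();
  for (std::size_t I = 0; I < OuterFields && Next < 8; ++I) C.Add(&Decls[Next++]);
  C.StartClass();
  for (std::size_t I = 0; I < InnerFields && Next < 8; ++I) C.Add(&Decls[Next++]);
}

// True if the chosen spelling of getCurFields() trips the bounds check.
bool derefsEnd(bool Patched, std::size_t OuterFields, std::size_t InnerFields) {
  FieldCollector C;
  parseNested(C, OuterFields, InnerFields);
  try {
    FieldDecl **Cur = Patched ? C.getCurFieldsNew() : C.getCurFieldsOld();
    (void)Cur;
    return false;
  } catch (const std::out_of_range &) {
    return true;
  }
}

// Id of the first field the patched spelling reports for the nested class, or
// -1 when that class has no fields (the pointer is end() and must not be read).
int firstCurFieldId(std::size_t OuterFields, std::size_t InnerFields) {
  FieldCollector C;
  parseNested(C, OuterFields, InnerFields);
  if (C.getCurNumFields() == 0)
    return -1;
  return C.getCurFieldsNew()[0]->Id;
}

int main() {
  // Exit 0 when the old form trips on a zero-field nested class and the new one does not.
  return (derefsEnd(false, 2, 0) && !derefsEnd(true, 2, 0)) ? 0 : 1;
}
```

The checked iterator reports the same thing for `&*end()` whether or not the underlying buffer is empty, which is the point of the PR: the old form is only "fine in practice" because nothing reads through the pointer, not because the dereference is valid.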