Author: chandlerc Date: Mon Aug 3 22:52:52 2015 New Revision: 243945 URL: http://llvm.org/viewvc/llvm-project?rev=243945&view=rev Log: [UB] Fix two cases of UB in copy/pasted code from SmallVector.
We should really stop copying and pasting code around. =/ Found by UBSan. Modified: cfe/trunk/include/clang/AST/ASTVector.h cfe/trunk/include/clang/Analysis/Support/BumpVector.h Modified: cfe/trunk/include/clang/AST/ASTVector.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/AST/ASTVector.h?rev=243945&r1=243944&r2=243945&view=diff ==============================================================================
--- cfe/trunk/include/clang/AST/ASTVector.h (original)
+++ cfe/trunk/include/clang/AST/ASTVector.h Mon Aug 3 22:52:52 2015
@@ -384,14 +384,15 @@ void ASTVector<T>::grow(const ASTContext
 T *NewElts = new (C, llvm::alignOf<T>()) T[NewCapacity];
 // Copy the elements over.
- if (std::is_class<T>::value) {
- std::uninitialized_copy(Begin, End, NewElts);
- // Destroy the original elements.
- destroy_range(Begin, End);
- }
- else {
- // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove).
- memcpy(NewElts, Begin, CurSize * sizeof(T));
+ if (Begin != End) {
+ if (std::is_class<T>::value) {
+ std::uninitialized_copy(Begin, End, NewElts);
+ // Destroy the original elements.
+ destroy_range(Begin, End);
+ } else {
+ // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove).
+ memcpy(NewElts, Begin, CurSize * sizeof(T));
+ }
 }
 // ASTContext never frees any memory.
Modified: cfe/trunk/include/clang/Analysis/Support/BumpVector.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/Support/BumpVector.h?rev=243945&r1=243944&r2=243945&view=diff ==============================================================================
--- cfe/trunk/include/clang/Analysis/Support/BumpVector.h (original)
+++ cfe/trunk/include/clang/Analysis/Support/BumpVector.h Mon Aug 3 22:52:52 2015
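Review bot: The new `if (Begin != End)` guard in grow() carries no comment saying why it is there, so a later cleanup could remove it as redundant; the identical guard in the BumpVector.h hunk has the same gap. Going by the log (UB reported by UBSan), the case being avoided is presumably an empty vector whose `Begin` is null, where a zero-length `memcpy` from a null pointer is still undefined. I would add above the guard: `// Skip the copy for an empty vector: Begin may be null, and passing a null pointer to memcpy is UB even for zero bytes.` grow()'s body starts and ends outside the hunk.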
@@ -223,14 +223,15 @@ void BumpVector<T>::grow(BumpVectorConte
 T *NewElts = C.getAllocator().template Allocate<T>(NewCapacity);
 // Copy the elements over.
- if (std::is_class<T>::value) {
- std::uninitialized_copy(Begin, End, NewElts);
- // Destroy the original elements.
- destroy_range(Begin, End);
- }
- else {
- // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove).
- memcpy(NewElts, Begin, CurSize * sizeof(T));
+ if (Begin != End) {
+ if (std::is_class<T>::value) {
+ std::uninitialized_copy(Begin, End, NewElts);
+ // Destroy the original elements.
+ destroy_range(Begin, End);
+ } else {
+ // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove).
+ memcpy(NewElts, Begin, CurSize * sizeof(T));
+ }
 }
 // For now, leak 'Begin'. We can add it back to a freelist in
_______________________________________________ cfe-commits mailing list cfe-commits@cs.uiuc.edu http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
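Review bot: The `std::is_class<T>::value` test that chooses between the copy-construct path and `memcpy` is false for union types, so a union `T` with a non-trivial copy constructor or destructor would be copied bytewise and never destroyed; the same test appears in the ASTVector.h hunk. What `memcpy` actually requires is trivial copyability, so the condition would be better written as `if (!std::is_trivially_copyable<T>::value) {`, provided the supported toolchains offer that trait. The test is carried over unchanged from the old code and grow()'s body extends beyond the hunk, so the element types used in practice may never hit it.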