On Oct 23, 2009, at 5:06 PM, John McCall wrote: > Fariborz Jahanian wrote: >> Author: fjahanian >> Date: Fri Oct 23 18:55:43 2009 >> New Revision: 84980 >> >> URL: http://llvm.org/viewvc/llvm-project?rev=84980&view=rev >> Log: >> Fixe a buffer overflow problem which causes a crash >> in a certain project. Need to have a permananent fix later >> (FIXME added). >> >> >> Modified: >> cfe/trunk/lib/AST/ASTContext.cpp >> >> Modified: cfe/trunk/lib/AST/ASTContext.cpp >> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/ASTContext.cpp?rev=84980&r1=84979&r2=84980&view=diff >> >> = >> = >> = >> = >> = >> = >> = >> = >> = >> ===================================================================== >> --- cfe/trunk/lib/AST/ASTContext.cpp (original) >> +++ cfe/trunk/lib/AST/ASTContext.cpp Fri Oct 23 18:55:43 2009 >> @@ -2855,8 +2855,10 @@ >> >> // FIXME: Move up >> static int UniqueBlockByRefTypeID = 0; >> - char Name[36]; >> + // FIXME. This is error prone. Luckinly stack-canary stuff >> caught it. >> + char Name[128]; >> sprintf(Name, "__Block_byref_%d_%s", ++UniqueBlockByRefTypeID, >> DeclName); >> + assert((strlen(Name) < sizeof(Name)) && "BuildByRefType - buffer >> overflow"); >> RecordDecl *T; >> T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl, >> SourceLocation(), >> &Idents.get(Name)); 
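Review bot: the new assert in BuildByRefType checks strlen(Name) only after sprintf has already written past the buffer, so it fires once the stack is corrupted rather than preventing the write, and it compiles out under NDEBUG; 128 is also still an arbitrary cap, because DeclName is an identifier of unbounded length. Use snprintf and test its return value before the name is used, e.g. `int N = snprintf(Name, sizeof(Name), "__Block_byref_%d_%s", ++UniqueBlockByRefTypeID, DeclName);` followed by `assert(N >= 0 && (size_t)N < sizeof(Name) && "BuildByRefType - buffer overflow");`, or build the name in an llvm::SmallString via raw_svector_ostream so no fixed size is needed at all. The comment's "Luckinly" should read "Luckily".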
>> @@ -2904,8 +2906,10 @@ >> llvm::SmallVector<const Expr *, 8> &BlockDeclRefDecls) { >> // FIXME: Move up >> static int UniqueBlockParmTypeID = 0; >> - char Name[36]; >> + // FIXME. This is error prone. Luckinly stack-canary stuff >> caught it. >> + char Name[128]; >> sprintf(Name, "__block_literal_%u", ++UniqueBlockParmTypeID); >> + assert((strlen(Name) < sizeof(Name)) && "getBlockParmType - >> buffer overflow"); >> RecordDecl *T; >> T = RecordDecl::Create(*this, TagDecl::TK_struct, TUDecl, >> SourceLocation(), >> &Idents.get(Name)); >> >> > > It doesn't fix the problem properly, but snprintf() will at least > never > trash the stack, and the return value will still permit the assert.
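Review bot: in the getBlockParmType hunk the `%u` conversion in `"__block_literal_%u"` is passed `++UniqueBlockParmTypeID`, which is declared `static int`; use `%d` or make the counter unsigned. Note also that this buffer could not have overflowed even at 36 bytes: the prefix is 16 characters and a 32-bit `%u` prints at most 10 digits, 27 bytes with the NUL, so the enlarged buffer and the post-write strlen assert add nothing here. If the assert is kept, derive it from snprintf's return value so the check happens before the name is used rather than after the write, and fix "Luckinly" in the copied comment as well.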
Yes, FIXME makes this point. I will shortly change it to alloca.

- Fariborz

> John.
> _______________________________________________
> cfe-commits mailing list
> [email protected]
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
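The snprintf-and-check-the-return-value pattern John McCall describes, alongside a measure-then-allocate variant in the spirit of the alloca change Fariborz mentions, as an added C example that is not part of the commit or of the clang tree. It reuses the BuildByRefType format string; the 200-character DeclName is constructed test input, and the function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format used by BuildByRefType in the patch above. */
#define BYREF_FMT "__Block_byref_%d_%s"

/* Bytes the formatted name needs, terminating NUL included (0 on encoding error).
 * snprintf with a NULL buffer and size 0 only measures; it writes nothing. */
size_t byref_name_len(int id, const char *decl_name)
{
    int n = snprintf(NULL, 0, BYREF_FMT, id, decl_name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* The pattern John McCall suggests: snprintf never writes past cap bytes, and
 * its return value is the length the full name would have had, so truncation
 * is detected before the name is used instead of after the stack is trashed.
 * Returns 0 on success, -1 if the name did not fit (buf is still NUL-terminated). */
int byref_name_fixed(char *buf, size_t cap, int id, const char *decl_name)
{
    int n = snprintf(buf, cap, BYREF_FMT, id, decl_name);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return 0;
}

/* Exactly-sized heap buffer, the heap analogue of the alloca approach Fariborz
 * mentions: measure first, then format into a buffer known to fit.
 * Caller frees the result; NULL on allocation or encoding failure. */
char *byref_name_alloc(int id, const char *decl_name)
{
    size_t need = byref_name_len(id, decl_name);
    if (need == 0)
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    if (byref_name_fixed(buf, need, id, decl_name) != 0) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* Constructed test input: an identifier of `len` 'x' characters, standing in
 * for a long user-written variable name (assumption: nothing in the commit
 * bounds DeclName). Caller frees. */
char *make_long_decl_name(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'x', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char name[36];                      /* the pre-patch buffer size */
    char *decl = make_long_decl_name(200);
    if (decl == NULL)
        return 1;

    printf("need %zu bytes, have %zu\n", byref_name_len(1, decl), sizeof name);
    if (byref_name_fixed(name, sizeof name, 1, decl) != 0)
        printf("fixed buffer: truncated, name rejected (sprintf would have overflowed)\n");

    char *full = byref_name_alloc(1, decl);
    if (full != NULL) {
        printf("sized buffer: %.20s... (%zu chars)\n", full, strlen(full));
        free(full);
    }
    free(decl);
    return 0;
}
```

Any C99 compiler will build it; the run prints the byte count the name needs against the 36 available and reports the rejected truncation. The measure-then-allocate version has no size ceiling; an alloca-based version follows the same scheme but places a name of arbitrary length on the stack, which is worth keeping in mind since nothing in the patch bounds DeclName.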
