Author: kremenek
Date: Fri Mar 15 18:09:37 2013
New Revision: 177201

URL: http://llvm.org/viewvc/llvm-project?rev=177201&view=rev
Log:
Fix buffer underrun (invalid read) triggered during diagnostic rendering.  The 
test would overflow when computing '0 - 1'.

I don't have a good testcase for this that does not depend on system headers.
It did not trigger with preprocessed output, and I had trouble reducing the 
example.

Fixes <rdar://problem/13324594>.

Thanks to Michael Greiner for reporting this issue.

Modified:
    cfe/trunk/lib/Frontend/TextDiagnostic.cpp

Modified: cfe/trunk/lib/Frontend/TextDiagnostic.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/TextDiagnostic.cpp?rev=177201&r1=177200&r2=177201&view=diff
==============================================================================
--- cfe/trunk/lib/Frontend/TextDiagnostic.cpp (original)
+++ cfe/trunk/lib/Frontend/TextDiagnostic.cpp Fri Mar 15 18:09:37 2013
@@ -958,7 +958,7 @@ static void highlightRange(const CharSou
     // Pick the last non-whitespace column.
     if (EndColNo > map.getSourceLine().size())
       EndColNo = map.getSourceLine().size();
-    while (EndColNo-1 &&
+    while (EndColNo &&
            (map.getSourceLine()[EndColNo-1] == ' ' ||
             map.getSourceLine()[EndColNo-1] == '\t'))
       EndColNo = map.startOfPreviousColumn(EndColNo);
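
Review bot: The new loop guard 'EndColNo &&' lets the body run with EndColNo == 1, which the old 'EndColNo-1 &&' never did, so map.startOfPreviousColumn(EndColNo) is now called at column 1 whenever the first character of the line is a space or tab. Please confirm that the helper returns 0 for that input rather than stepping below the start of the line, and that the code after the loop copes with EndColNo == 0 for a line that is entirely whitespace. The clamp just above can also set EndColNo to 0 when map.getSourceLine() is empty, which is the case the guard protects; a one-line comment saying so would explain why the test is on EndColNo and not EndColNo-1. A regression test is still missing, as the log notes, so it would be worth adding one once the example can be reduced.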


_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits