Author: jmolenda
Date: Thu Apr 30 18:42:56 2015
New Revision: 236286

URL: http://llvm.org/viewvc/llvm-project?rev=236286&view=rev
Log:
Guard against the case where the Write method is called with an argument pointing into the middle of m_buffer and then Write() calls GrowBuffer() to resize m_buffer, leaving the content argument pointing into deallocated memory.
Patch by Kate Stone. <rdar://problem/20756722> Modified: lldb/trunk/source/Core/FastDemangle.cpp Modified: lldb/trunk/source/Core/FastDemangle.cpp URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Core/FastDemangle.cpp?rev=236286&r1=236285&r2=236286&view=diff ============================================================================== --- lldb/trunk/source/Core/FastDemangle.cpp (original) +++ lldb/trunk/source/Core/FastDemangle.cpp Thu Apr 30 18:42:56 2015 @@ -383,10 +383,19 @@ private: char *end_m_write_ptr = m_write_ptr + content_length; if (end_m_write_ptr > m_buffer_end) { - GrowBuffer(end_m_write_ptr - m_buffer_end); + if (content >= m_buffer && content < m_buffer_end) + { + long offset = content - m_buffer; + GrowBuffer (end_m_write_ptr - m_buffer_end); + content = m_buffer + offset; + } + else + { + GrowBuffer (end_m_write_ptr - m_buffer_end); + } end_m_write_ptr = m_write_ptr + content_length; } - memcpy(m_write_ptr, content, content_length); + memcpy (m_write_ptr, content, content_length); m_write_ptr = end_m_write_ptr; } #define WRITE(x) Write(x, sizeof (x) - 1) _______________________________________________ lldb-commits mailing list lldb-commits@cs.uiuc.edu http://lists.cs.uiuc.edu/mailman/listinfo/lldb-commits
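Review bot: The final `memcpy (m_write_ptr, content, content_length);` is now reached with a `content` that this hunk explicitly allows to alias m_buffer, and memcpy is undefined when source and destination overlap. Nothing in the visible lines shows that `content + content_length` stays at or below `m_write_ptr`, so either assert that invariant or switch to memmove. Two smaller points in the new branch: `long offset = content - m_buffer;` should be `ptrdiff_t` (or `size_t`), since `long` is 32 bits on LLP64 targets, and the `GrowBuffer (end_m_write_ptr - m_buffer_end);` call is duplicated in both arms. Computing the aliasing check and offset first, calling GrowBuffer once, and then rebasing `content` only if it aliased would leave a single growth path to maintain. A short comment above the range check saying that callers may pass pointers into m_buffer would also help, because the signature alone does not suggest it.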