From 4bd0224887a8de1434186cad2f618c18dea06c0b Mon Sep 17 00:00:00 2001 From: Yuchen Wu Date: Thu, 14 Nov 2013 00:38:41 +0000 Subject: [PATCH] llvm-cov: Slightly improved error checking. - readInt() should check all 4 bytes can be read, not just 1. - In the event of false data in the gcno file, it was possible to index into a non-existent index of SmallVector, causing assertion error. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194639 91177308-0d34-0410-b5e6-96231b3b80d8 --- include/llvm/Support/GCOV.h | 4 ++-- lib/IR/GCOV.cpp | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/llvm/Support/GCOV.h b/include/llvm/Support/GCOV.h index 469a9e3ef94..0aa716aac07 100644 --- a/include/llvm/Support/GCOV.h +++ b/include/llvm/Support/GCOV.h @@ -152,11 +152,11 @@ public: } bool readInt(uint32_t &Val) { - StringRef Str = Buffer->getBuffer().slice(Cursor, Cursor+4); - if (Str.empty()) { + if (Buffer->getBuffer().size() < Cursor+4) { errs() << "Unexpected end of memory buffer: " << Cursor+4 << ".\n"; return false; } + StringRef Str = Buffer->getBuffer().slice(Cursor, Cursor+4); Cursor += 4; Val = *(const uint32_t *)(Str.data()); return true; diff --git a/lib/IR/GCOV.cpp b/lib/IR/GCOV.cpp index 65ed3a5a84b..a91e88c4e0f 100644 --- a/lib/IR/GCOV.cpp +++ b/lib/IR/GCOV.cpp @@ -135,6 +135,10 @@ bool GCOVFunction::read(GCOVBuffer &Buff, GCOV::GCOVFormat Format) { // This for loop adds the counts for each block. A second nested loop is // required to combine the edge counts that are contained in the GCDA file. for (uint32_t Line = 0; Count > 0; ++Line) { + if (Line >= Blocks.size()) { + errs() << "Unexpected number of edges.\n"; + return false; + } GCOVBlock &Block = *Blocks[Line]; for (size_t Edge = 0, End = Block.getNumEdges(); Edge < End; ++Edge) { if (Count == 0) {