From 871dc240d06b40ea2194677d5a85957cbdbbbe60 Mon Sep 17 00:00:00 2001
From: Duncan Sands
Date: Tue, 29 Jun 2010 20:12:02 +0000
Subject: [PATCH] Fix a buffer overflow noticed by gcc-4.6: zero is written into SmallArray[SmallSize] in the SmallPtrSetIteratorImpl, and this is one off the end of the array. For those who care, right now gcc warns about writing off the end because it is confused about the declaration of SmallArray as having length 1 in the parent class SmallPtrSetIteratorImpl. However if you tweak code to unconfuse it, then it still warns about writing off the end of the array, because of this buffer overflow. In short, even with this fix gcc-4.6 will warn about writing off the end of the array, but now that is only because it is confused.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@107200 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/ADT/SmallPtrSet.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/llvm/ADT/SmallPtrSet.h b/include/llvm/ADT/SmallPtrSet.h
index 48637f37a2c..f1405fab9cb 100644
--- a/include/llvm/ADT/SmallPtrSet.h
+++ b/include/llvm/ADT/SmallPtrSet.h
@@ -233,7 +233,7 @@ template
 class SmallPtrSet : public SmallPtrSetImpl {
 // Make sure that SmallSize is a power of two, round up if not.
 enum { SmallSizePowTwo = NextPowerOfTwo::Val };
- void *SmallArray[SmallSizePowTwo];
+ void *SmallArray[SmallSizePowTwo+1];
 typedef PointerLikeTypeTraits PtrTraits;
 public:
 SmallPtrSet() : SmallPtrSetImpl(SmallSizePowTwo) {}
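Review bot: The added `+1` on `void *SmallArray[SmallSizePowTwo+1];` has no comment, and the only comment nearby still describes just the power-of-two rounding, so a later cleanup could drop the extra slot and bring back the one-past-the-end write the description reports. I would put `// One extra slot: the base class writes a zero at SmallArray[SmallSize].` directly above the declaration. The constructor in the same hunk still passes `SmallSizePowTwo` to `SmallPtrSetImpl`, so the array length and the size handed to the base now differ by one on purpose, and that is worth saying in the same comment. The write itself is in code outside this hunk, so this rests on the commit description; the class body also continues past the hunk.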