projects / platform / upstream / llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 374bb6d)
Fixed a roll-over on size_t in getNewUninitMemBuffer()
authorDmitry Vassiliev <dvassiliev@accesssoftek.com>
Fri, 11 Mar 2022 09:16:58 +0000 (13:16 +0400)
committerDmitry Vassiliev <dvassiliev@accesssoftek.com>
Fri, 11 Mar 2022 09:16:58 +0000 (13:16 +0400)
Reviewed By: serge-sans-paille

Differential Revision: https://reviews.llvm.org/D121399

llvm/lib/Support/MemoryBuffer.cpp patch | blob | history
llvm/unittests/Support/MemoryBufferTest.cpp patch | blob | history

diff --git a/llvm/lib/Support/MemoryBuffer.cpp b/llvm/lib/Support/MemoryBuffer.cpp
index 5003822..872b874 100644 (file)
--- a/llvm/lib/Support/MemoryBuffer.cpp
+++ b/llvm/lib/Support/MemoryBuffer.cpp
@@ -286,6 +286,8 @@ WritableMemoryBuffer::getNewUninitMemBuffer(size_t Size, const Twine &BufferName
   StringRef NameRef = BufferName.toStringRef(NameBuf);
   size_t AlignedStringLen = alignTo(sizeof(MemBuffer) + NameRef.size() + 1, 16);
   size_t RealLen = AlignedStringLen + Size + 1;
+  if (RealLen <= Size) // Check for rollover.
+    return nullptr;
   char *Mem = static_cast<char*>(operator new(RealLen, std::nothrow));
   if (!Mem)
     return nullptr;
diff --git a/llvm/unittests/Support/MemoryBufferTest.cpp b/llvm/unittests/Support/MemoryBufferTest.cpp
index bcd2502..423d8f7 100644 (file)
--- a/llvm/unittests/Support/MemoryBufferTest.cpp
+++ b/llvm/unittests/Support/MemoryBufferTest.cpp
@@ -219,6 +219,11 @@ TEST_F(MemoryBufferTest, make_new) {
   EXPECT_NE(nullptr, Four.get());
   for (size_t i = 0; i < 123; ++i)
     EXPECT_EQ(0, Four->getBufferStart()[0]);
+
+  // uninitialized buffer with rollover size
+  OwningBuffer Five(
+      WritableMemoryBuffer::getNewUninitMemBuffer(SIZE_MAX, "huge"));
+  EXPECT_EQ(nullptr, Five.get());
 }
 
 void MemoryBufferTest::testGetOpenFileSlice(bool Reopen) {
Domain: System / Toolchain;