From c7db7f0454ed93e52875bedc3b76a08f92291445 Mon Sep 17 00:00:00 2001 From: Ahmed Bougacha Date: Wed, 7 Jan 2015 02:42:01 +0000 Subject: [PATCH] [ADT][SmallVector] Flip an assert comparison to avoid overflows yielding false-negatives. NFC. r221973 changed SmallVector::operator[] to use size_t instead of unsigned. Before that, on 64bit platforms, when a large index (say -1) was passed, truncating it to unsigned avoided an overflow when computing 'begin() + idx', and failed the range checking assertion, as expected. With r221973, idx isn't truncated, so the addition wraps to '(char*)begin() - 1', and doesn't fire anymore when it should have done so. This commit changes the comparison to instead compute 'end() - begin()' (i.e., 'size()'), which avoids potentially overflowing additions, and correctly triggers the assertion when values such as -1 are passed. Note that the problem already existed before that revision, on platforms where sizeof(size_t) == sizeof(unsigned). llvm-svn: 225338 --- llvm/include/llvm/ADT/SmallVector.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/llvm/include/llvm/ADT/SmallVector.h b/llvm/include/llvm/ADT/SmallVector.h index 1b52a6d..44a3521 100644 --- a/llvm/include/llvm/ADT/SmallVector.h +++ b/llvm/include/llvm/ADT/SmallVector.h @@ -135,11 +135,11 @@ public: const_pointer data() const { return const_pointer(begin()); } reference operator[](size_type idx) { - assert(begin() + idx < end()); + assert(idx < size()); return begin()[idx]; } const_reference operator[](size_type idx) const { - assert(begin() + idx < end()); + assert(idx < size()); return begin()[idx]; } -- 2.7.4
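Review bot: the two new `assert(idx < size());` lines in `operator[]` carry no comment saying why the check compares the index instead of doing pointer arithmetic, so a later cleanup could easily restore `begin() + idx < end()` and bring back the wrapping addition the commit message describes. A one-line comment above each assert would record the reason, for example that comparing against `size()` avoids computing `begin() + idx`, which can wrap for a huge idx. The diffstat also shows only SmallVector.h changing, so nothing pins the new behaviour. A death test for asserts-enabled builds that indexes a small vector with `size_t(-1)` would cover the case the message names. The subject is tagged NFC, yet the message states the assertion now fires where it previously did not, which is an observable change in asserts builds, so consider dropping the tag. The check remains an assert only, so builds with assertions disabled still index unchecked in both overloads.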