diff options
| author | Chandler Carruth <chandlerc@gmail.com> | 2015-08-04 03:52:52 +0000 |
|---|---|---|
| committer | Chandler Carruth <chandlerc@gmail.com> | 2015-08-04 03:52:52 +0000 |
| commit | d96e877788f61ea4cb53e2005cf1016f208dfd9d (patch) | |
| tree | 867924e693d2f385e177f15b66b47ef20ef369e3 | |
| parent | 7771197955dd06dd1b9f9653fa731e9ec9060b83 (diff) | |
| download | bcm5719-llvm-d96e877788f61ea4cb53e2005cf1016f208dfd9d.tar.gz bcm5719-llvm-d96e877788f61ea4cb53e2005cf1016f208dfd9d.zip | |
[UB] Fix two cases of UB in copy/pasted code from SmallVector.
We should really stop copying and pasting code around. =/
Found by UBSan.
llvm-svn: 243945
| -rw-r--r-- | clang/include/clang/AST/ASTVector.h | 17 | ||||
| -rw-r--r-- | clang/include/clang/Analysis/Support/BumpVector.h | 17 |
2 files changed, 18 insertions, 16 deletions
diff --git a/clang/include/clang/AST/ASTVector.h b/clang/include/clang/AST/ASTVector.h index 6ec054582e2..79453bf1087 100644 --- a/clang/include/clang/AST/ASTVector.h +++ b/clang/include/clang/AST/ASTVector.h @@ -384,14 +384,15 @@ void ASTVector<T>::grow(const ASTContext &C, size_t MinSize) { T *NewElts = new (C, llvm::alignOf<T>()) T[NewCapacity]; // Copy the elements over. - if (std::is_class<T>::value) { - std::uninitialized_copy(Begin, End, NewElts); - // Destroy the original elements. - destroy_range(Begin, End); - } - else { - // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove). - memcpy(NewElts, Begin, CurSize * sizeof(T)); + if (Begin != End) { + if (std::is_class<T>::value) { + std::uninitialized_copy(Begin, End, NewElts); + // Destroy the original elements. + destroy_range(Begin, End); + } else { + // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove). + memcpy(NewElts, Begin, CurSize * sizeof(T)); + } } // ASTContext never frees any memory. diff --git a/clang/include/clang/Analysis/Support/BumpVector.h b/clang/include/clang/Analysis/Support/BumpVector.h index 841adf64557..3abe32d79cc 100644 --- a/clang/include/clang/Analysis/Support/BumpVector.h +++ b/clang/include/clang/Analysis/Support/BumpVector.h @@ -223,14 +223,15 @@ void BumpVector<T>::grow(BumpVectorContext &C, size_t MinSize) { T *NewElts = C.getAllocator().template Allocate<T>(NewCapacity); // Copy the elements over. - if (std::is_class<T>::value) { - std::uninitialized_copy(Begin, End, NewElts); - // Destroy the original elements. - destroy_range(Begin, End); - } - else { - // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove). - memcpy(NewElts, Begin, CurSize * sizeof(T)); + if (Begin != End) { + if (std::is_class<T>::value) { + std::uninitialized_copy(Begin, End, NewElts); + // Destroy the original elements. + destroy_range(Begin, End); + } else { + // Use memcpy for PODs (std::uninitialized_copy optimizes to memmove). + memcpy(NewElts, Begin, CurSize * sizeof(T)); + } } // For now, leak 'Begin'. We can add it back to a freelist in |
