summaryrefslogtreecommitdiffstats
path: root/lldb/source/Core/FastDemangle.cpp
diff options
context:
space:
mode:
authorJason Molenda <jmolenda@apple.com>2015-04-30 23:42:56 +0000
committerJason Molenda <jmolenda@apple.com>2015-04-30 23:42:56 +0000
commitebd01b0ae68f7eff7e671f5b2df921e59e73e9a9 (patch)
tree1b5195097d0f04b7394fccce8bd21e93caaf8fa0 /lldb/source/Core/FastDemangle.cpp
parentd0014bf6f815ac66091a00cedd78f03a529879c9 (diff)
downloadbcm5719-llvm-ebd01b0ae68f7eff7e671f5b2df921e59e73e9a9.tar.gz
bcm5719-llvm-ebd01b0ae68f7eff7e671f5b2df921e59e73e9a9.zip
Guard against the case where the Write method is called with
an argument pointing into the middle of m_buffer and then Write() calls GrowBuffer() to resize m_buffer, leaving the content argument pointing into deallocated memory. Patch by Kate Stone. <rdar://problem/20756722> llvm-svn: 236286
Diffstat (limited to 'lldb/source/Core/FastDemangle.cpp')
-rw-r--r--lldb/source/Core/FastDemangle.cpp13
1 files changed, 11 insertions, 2 deletions
diff --git a/lldb/source/Core/FastDemangle.cpp b/lldb/source/Core/FastDemangle.cpp
index 53e8972e804..0f12af2783d 100644
--- a/lldb/source/Core/FastDemangle.cpp
+++ b/lldb/source/Core/FastDemangle.cpp
@@ -383,10 +383,19 @@ private:
char *end_m_write_ptr = m_write_ptr + content_length;
if (end_m_write_ptr > m_buffer_end)
{
- GrowBuffer(end_m_write_ptr - m_buffer_end);
+ if (content >= m_buffer && content < m_buffer_end)
+ {
+ long offset = content - m_buffer;
+ GrowBuffer (end_m_write_ptr - m_buffer_end);
+ content = m_buffer + offset;
+ }
+ else
+ {
+ GrowBuffer (end_m_write_ptr - m_buffer_end);
+ }
end_m_write_ptr = m_write_ptr + content_length;
}
- memcpy(m_write_ptr, content, content_length);
+ memcpy (m_write_ptr, content, content_length);
m_write_ptr = end_m_write_ptr;
}
#define WRITE(x) Write(x, sizeof (x) - 1)
OpenPOWER on IntegriCloud