From e87c38b229fca708c58dfb9dbb1806c531402dc1 Mon Sep 17 00:00:00 2001
From: Benjamin Kramer <benny.kra@googlemail.com>
Date: Tue, 5 Jul 2011 11:13:37 +0000
Subject: Don't overread the buffer when an %x escape in inline asm ends
 prematurely.

Tested by valgrind & Sema/asm.c.

llvm-svn: 134404
---
 clang/lib/AST/Stmt.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'clang/lib/AST/Stmt.cpp')

diff --git a/clang/lib/AST/Stmt.cpp b/clang/lib/AST/Stmt.cpp
index 39f23fba9ed..e293f324aba 100644
--- a/clang/lib/AST/Stmt.cpp
+++ b/clang/lib/AST/Stmt.cpp
@@ -366,6 +366,10 @@ unsigned AsmStmt::AnalyzeAsmString(llvm::SmallVectorImpl<AsmStringPiece>&Pieces,
     // Handle %x4 and %x[foo] by capturing x as the modifier character.
     char Modifier = '\0';
     if (isalpha(EscapedChar)) {
+      if (CurPtr == StrEnd) { // Premature end.
+        DiagOffs = CurPtr-StrStart-1;
+        return diag::err_asm_invalid_escape;
+      }
       Modifier = EscapedChar;
       EscapedChar = *CurPtr++;
     }
-- 
cgit v1.2.3