Fix integer overflow in PCHReader when reading the length of an
identifier.  This caused a crash when reading PCH files that contained
long identifier names.

The issue is that 'StrLenPtr' was previously a 'const char *', meaning
the byte loaded from it would be interpreted as a signed integer.  If
the topmost bit was set, conversion to 'unsigned' would extend that
bit, causing an overflow.

The solution is to make 'StrLenPtr' an 'unsigned char *', always
treating the value as an unsigned integer.

This fixes: <rdar://problem/7328900>

llvm-svn: 84925
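The sign-extension described in the commit message, reproduced side by side with the fixed decode. This is an added example, not code from the clang tree; the record layout (two little-endian length bytes counting the NUL, followed by the identifier) and the helper names are assumptions made here to exercise the two expressions.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Pre-fix decode: the length bytes are read through a pointer to a signed
// byte, so a byte >= 0x80 becomes negative and sign-extends when widened to
// 'unsigned'. The original used plain 'char', which is signed on typical x86
// ABIs; 'signed char' is used here so the behaviour is the same everywhere.
unsigned decodeLenSigned(const char *Str) {
  const signed char *StrLenPtr = (const signed char *) Str - 2;
  return (((unsigned) StrLenPtr[0]) | (((unsigned) StrLenPtr[1]) << 8)) - 1;
}

// Patched decode: reading through 'const unsigned char *' widens each byte to
// 0..255, so the OR/shift reassemble exactly the stored 16-bit value.
unsigned decodeLenUnsigned(const char *Str) {
  const unsigned char *StrLenPtr = (const unsigned char *) Str - 2;
  return (((unsigned) StrLenPtr[0]) | (((unsigned) StrLenPtr[1]) << 8)) - 1;
}

// Constructed record in the assumed on-disk layout:
// [len lo][len hi][identifier bytes...][NUL], where len counts the NUL.
std::vector<char> makeRecord(const std::string &Ident) {
  uint16_t Len = static_cast<uint16_t>(Ident.size() + 1);
  std::vector<char> Buf;
  Buf.push_back(static_cast<char>(Len & 0xFF));
  Buf.push_back(static_cast<char>(Len >> 8));
  Buf.insert(Buf.end(), Ident.begin(), Ident.end());
  Buf.push_back('\0');
  return Buf;
}

// Convenience wrappers: decode the length of a freshly built record.
unsigned oldLenOf(const std::string &Ident) {
  std::vector<char> R = makeRecord(Ident);
  return decodeLenSigned(R.data() + 2);
}
unsigned fixedLenOf(const std::string &Ident) {
  std::vector<char> R = makeRecord(Ident);
  return decodeLenUnsigned(R.data() + 2);
}

int main() {
  // 127 bytes + NUL stores length 0x0080: low byte has the top bit set.
  std::string Long(127, 'a');
  std::cout << "old: " << oldLenOf(Long) << " fixed: " << fixedLenOf(Long) << "\n";
  return 0;
}
```

For a 3-byte identifier both decodes agree (3); once the low length byte reaches 0x80 the pre-fix expression yields 0xFFFFFF7F, the value that drove the out-of-bounds read.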
Ted Kremenek 2009-10-23 03:57:22 +00:00
parent d73d7add37
commit 49c5232d9f
1 changed file with 1 addition and 1 deletion

@ -2515,7 +2515,7 @@ IdentifierInfo *PCHReader::DecodeIdentifierInfo(unsigned ID) {
// All of the strings in the PCH file are preceded by a 16-bit
// length. Extract that 16-bit length to avoid having to execute
// strlen().
const char *StrLenPtr = Str - 2;
const unsigned char *StrLenPtr = (const unsigned char*) Str - 2;
unsigned StrLen = (((unsigned) StrLenPtr[0])
| (((unsigned) StrLenPtr[1]) << 8)) - 1;
IdentifiersLoaded[ID - 1]
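Review bot: The unsigned-byte read fixes the sign extension, but the trailing `- 1` on the line `| (((unsigned) StrLenPtr[1]) << 8)) - 1;` still wraps to UINT_MAX when both length bytes are zero, so a truncated or corrupted PCH record would still produce an absurd length; consider rejecting a zero 16-bit length before subtracting. A short comment beside the `(const unsigned char*)` cast stating that it exists to stop bytes >= 0x80 from sign-extending would also keep a future cleanup from reverting it to `const char *`.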