implement rdar://5739832 - operator new should check for overflow in multiply,

causing clang to compile this code into something that correctly throws a
length error, fixing a potential integer overflow security attack:

void *test(long N) {
  return new int[N];
}

int main() {
  test(1L << 62);
}

We do this even when exceptions are disabled, because it is better for the
code to abort than for the attack to succeed.

This is heavily based on a patch that Fariborz wrote.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108915 91177308-0d34-0410-b5e6-96231b3b80d8

0 files changed, 0 insertions, 0 deletions