author | Ted Kremenek <kremenek@apple.com> | 2009-10-23 03:57:22 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2009-10-23 03:57:22 +0000 |
commit | ff1ea462bf6f079a786c600d5fc3716235ad9f22 (patch) | |
tree | 4ff00b3d3fb079b5ee06521e67912f84826887cb /lib/Frontend/PCHReader.cpp | |
parent | ca2c3e2cfc630db614298e8d7f2aaca4507e01e1 (diff) |
Fix integer overflow in PCHReader when reading the length of an
identifier. This caused a crash when reading PCH files that contained
long identifier names.

The issue is that 'StrLenPtr' was previously a 'const char *', meaning
the byte loaded from it would be interpreted as a signed integer. If
the topmost bit was set, conversion to 'unsigned' would extend that
bit, causing an overflow.

The solution is to make 'StrLenPtr' an 'unsigned char *', always
treating the value as an unsigned integer.

This fixes: <rdar://problem/7328900>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84925 91177308-0d34-0410-b5e6-96231b3b80d8
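
The sign extension described in the commit message, as an added example that is not part of the commit or of the Clang code base. The function names `decode_len_signed` and `decode_len_unsigned` and the sample records are constructed for illustration; `signed char` is used explicitly so the pre-fix behaviour reproduces even on targets where plain `char` is unsigned.

```c
#include <stdio.h>

/* Pre-fix decode: the two length bytes in front of the string are read
 * through a signed pointer, so a byte >= 0x80 is negative and the
 * conversion to unsigned sign-extends it into the upper bits. */
static unsigned decode_len_signed(const char *str) {
    const signed char *p = (const signed char *)str - 2;
    return (((unsigned)p[0]) | (((unsigned)p[1]) << 8)) - 1;
}

/* Post-fix decode: the same expression over an unsigned char pointer,
 * so each byte contributes only its low 8 bits. */
static unsigned decode_len_unsigned(const char *str) {
    const unsigned char *p = (const unsigned char *)str - 2;
    return (((unsigned)p[0]) | (((unsigned)p[1]) << 8)) - 1;
}

/* Constructed records: 16-bit little-endian length (string length plus
 * one), followed by the first bytes of the string data. */
static const unsigned char rec_short[] = { 0x05, 0x00, 'a', 'b', 'c', 'd', 0 };
static const unsigned char rec_long[]  = { 0x81, 0x00, 'a', 'b', 'c', 'd', 0 };

/* Pointer to the string data, i.e. just past the two length bytes. */
static const char *str_of(const unsigned char *rec) {
    return (const char *)(rec + 2);
}

int main(void) {
    /* Top bit clear: both decodes agree. */
    printf("short: signed=%u unsigned=%u\n",
           decode_len_signed(str_of(rec_short)),
           decode_len_unsigned(str_of(rec_short)));
    /* Top bit set in the low byte: the signed decode yields a value far
     * beyond any 16-bit length, the unsigned decode yields 128. */
    printf("long:  signed=%u unsigned=%u\n",
           decode_len_signed(str_of(rec_long)),
           decode_len_unsigned(str_of(rec_long)));
    return 0;
}
```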
Diffstat (limited to 'lib/Frontend/PCHReader.cpp')
-rw-r--r-- | lib/Frontend/PCHReader.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Frontend/PCHReader.cpp b/lib/Frontend/PCHReader.cpp index e804bfc90e..d4302f44c8 100644 --- a/lib/Frontend/PCHReader.cpp +++ b/lib/Frontend/PCHReader.cpp @@ -2515,7 +2515,7 @@ IdentifierInfo *PCHReader::DecodeIdentifierInfo(unsigned ID) { // All of the strings in the PCH file are preceded by a 16-bit // length. Extract that 16-bit length to avoid having to execute // strlen(). - const char *StrLenPtr = Str - 2; + const unsigned char *StrLenPtr = (const unsigned char*) Str - 2; unsigned StrLen = (((unsigned) StrLenPtr[0]) | (((unsigned) StrLenPtr[1]) << 8)) - 1; IdentifiersLoaded[ID - 1] |
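
Review bot: the trailing `- 1` in the `StrLen` expression is still unguarded: if both length bytes are 0 in a truncated or corrupt PCH file, `StrLen` wraps to UINT_MAX even with the unsigned pointer. Consider checking (or at least asserting) that the decoded 16-bit value is at least 1 before subtracting. On style, the C-style cast in `(const unsigned char*) Str - 2` is correct because the cast binds before the subtraction, but it is easy to misread; `reinterpret_cast<const unsigned char *>(Str) - 2` would make the intent explicit. The diffstat shows only PCHReader.cpp changed, so a regression test with an identifier long enough to set the top bit of a length byte would be worth adding alongside the fix.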