From 6c552c1d5f47fbba00e6268d96a26ad026f2da2a Mon Sep 17 00:00:00 2001 From: Chris Lattner Date: Tue, 20 Jul 2010 20:19:24 +0000 Subject: implement rdar://5739832 - operator new should check for overflow in multiply, causing clang to compile this code into something that correctly throws a length error, fixing a potential integer overflow security attack: void *test(long N) { return new int[N]; } int main() { test(1L << 62); } We do this even when exceptions are disabled, because it is better for the code to abort than for the attack to succeed. This is heavily based on a patch that Fariborz wrote. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108915 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/CodeGen/CGExpr.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib/CodeGen/CGExpr.cpp') diff --git a/lib/CodeGen/CGExpr.cpp b/lib/CodeGen/CGExpr.cpp index fa5ac8fb14..d6a34562e5 100644 --- a/lib/CodeGen/CGExpr.cpp +++ b/lib/CodeGen/CGExpr.cpp @@ -1315,10 +1315,9 @@ llvm::BasicBlock *CodeGenFunction::getTrapBB() { // If we are not optimzing, don't collapse all calls to trap in the function // to the same call, that way, in the debugger they can see which operation - // did in fact fail. If we are optimizing, we collpase all call to trap down + // did in fact fail. If we are optimizing, we collapse all calls to trap down // to just one per function to save on codesize. - if (GCO.OptimizationLevel - && TrapBB) + if (GCO.OptimizationLevel && TrapBB) return TrapBB; llvm::BasicBlock *Cont = 0; -- cgit v1.2.3-70-g09d2