From e7a0719161ebc3600d3f584901ab8e2276acdb59 Mon Sep 17 00:00:00 2001
From: Benjamin Kramer <benny.kra@googlemail.com>
Date: Mon, 17 Oct 2011 20:49:40 +0000
Subject: Fix handling of the From parameter in StringRef::find.

Enable bounds checking to catch this kind of bug earlier.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@142247 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Support/StringRef.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/Support/StringRef.cpp')

diff --git a/lib/Support/StringRef.cpp b/lib/Support/StringRef.cpp
index a862ed2fa9..576b95f6a4 100644
--- a/lib/Support/StringRef.cpp
+++ b/lib/Support/StringRef.cpp
@@ -153,19 +153,22 @@ size_t StringRef::find(StringRef Str, size_t From) const {
     return npos;
   }
 
+  if (From >= Length)
+    return npos;
+
   // Build the bad char heuristic table, with uint8_t to reduce cache thrashing.
   uint8_t BadCharSkip[256];
   std::memset(BadCharSkip, N, 256);
   for (unsigned i = 0; i != N-1; ++i)
     BadCharSkip[(uint8_t)Str[i]] = N-1-i;
 
-  unsigned Len = Length, Pos = min(From, Length);
+  unsigned Len = Length-From, Pos = From;
   while (Len >= N) {
     if (substr(Pos, N).equals(Str)) // See if this is the correct substring.
       return Pos;
 
     // Otherwise skip the appropriate number of bytes.
-    uint8_t Skip = BadCharSkip[(uint8_t)Data[Pos+N-1]];
+    uint8_t Skip = BadCharSkip[(uint8_t)(*this)[Pos+N-1]];
     Len -= Skip;
     Pos += Skip;
   }
-- 
cgit v1.2.3-18-g5258