implement rdar://5739832 - operator new should check for overflow in multiply,

causing clang to compile this code into something that correctly throws a length error, fixing a potential integer overflow security attack: void *test(long N) { return new int[N]; } int main() { test(1L << 62); } We do this even when exceptions are disabled, because it is better for the code to abort than for the attack to succeed. This is heavily based on a patch that Fariborz wrote. llvm-svn: 108915
author: Chris Lattner <sabre@nondot.org> 2010-07-20 20:19:24 +0000
committer: Chris Lattner <sabre@nondot.org> 2010-07-20 20:19:24 +0000
commit: 26008e07dea3ca4e4ee1f7634923059ea7f17f7a (patch)
tree: 8c49fce66759baecc9e1497120a425d04adc8af6 /clang/lib/CodeGen/CGExpr.cpp
parent: 47a0f0d56f7a229bf2646c7b69fbe1ed43b87715 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/clang/lib/CodeGen/CGExpr.cpp b/clang/lib/CodeGen/CGExpr.cpp
index fa5ac8fb14f9..d6a34562e559 100644
--- a/clang/lib/CodeGen/CGExpr.cpp
+++ b/clang/lib/CodeGen/CGExpr.cpp
@@ -1315,10 +1315,9 @@ llvm::BasicBlock *CodeGenFunction::getTrapBB() {
 
   // If we are not optimzing, don't collapse all calls to trap in the function
   // to the same call, that way, in the debugger they can see which operation
-  // did in fact fail.  If we are optimizing, we collpase all call to trap down
+  // did in fact fail.  If we are optimizing, we collapse all calls to trap down
   // to just one per function to save on codesize.
-  if (GCO.OptimizationLevel
-      && TrapBB)
+  if (GCO.OptimizationLevel && TrapBB)
     return TrapBB;
 
   llvm::BasicBlock *Cont = 0;
author	Chris Lattner <sabre@nondot.org>	2010-07-20 20:19:24 +0000
committer	Chris Lattner <sabre@nondot.org>	2010-07-20 20:19:24 +0000
commit	26008e07dea3ca4e4ee1f7634923059ea7f17f7a (patch)
tree	8c49fce66759baecc9e1497120a425d04adc8af6 /clang/lib/CodeGen/CGExpr.cpp
parent	47a0f0d56f7a229bf2646c7b69fbe1ed43b87715 (diff)