kamleshbhalui created this revision.
kamleshbhalui added a reviewer: phosek.
Herald added subscribers: libcxx-commits, ldionne, christof.
kamleshbhalui edited the summary of this revision.
reg is unsigned type and used here for getting array element from the end by
negating it.
negation of unsigned can result in large number and array access with that
index will result in segmentation
fault.
As a Fix we cast reg to int then negate it.
Fixes this.
https://bugs.llvm.org/show_bug.cgi?id=43872
Repository:
rUNW libunwind
https://reviews.llvm.org/D69893
Files:
libunwind/src/DwarfInstructions.hpp
Index: libunwind/src/DwarfInstructions.hpp
===================================================================
--- libunwind/src/DwarfInstructions.hpp
+++ libunwind/src/DwarfInstructions.hpp
@@ -430,7 +430,7 @@
// pick from
reg = addressSpace.get8(p);
p += 1;
- value = sp[-reg];
+ value = sp[-(int)reg];
*(++sp) = value;
if (log)
fprintf(stderr, "duplicate %d in stack\n", reg);
Index: libunwind/src/DwarfInstructions.hpp
===================================================================
--- libunwind/src/DwarfInstructions.hpp
+++ libunwind/src/DwarfInstructions.hpp
@@ -430,7 +430,7 @@
// pick from
reg = addressSpace.get8(p);
p += 1;
- value = sp[-reg];
+ value = sp[-(int)reg];
*(++sp) = value;
if (log)
fprintf(stderr, "duplicate %d in stack\n", reg);
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
