From 58bf572aa2060ad30a8e46dd0b4a5cf9bb748f85 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Sat, 13 Jun 2015 15:28:53 -0700 Subject: [PATCH] TypeHelpers.h: Don't underflow unsigned int When decrementing "n", eventually n will equal zero. When that happens, n-- underflows. This causes a crash when code which uses clang's -fsanitize=unsigned-integer-overflow is run. Avoid trigging an unsigned integer underflow. Change-Id: I9705be6580d61a164ef5fb1ec77e98a69d888438 --- include/utils/TypeHelpers.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/utils/TypeHelpers.h b/include/utils/TypeHelpers.h index 13c908159..61d618e70 100644 --- a/include/utils/TypeHelpers.h +++ b/include/utils/TypeHelpers.h @@ -131,7 +131,8 @@ int compare_type(const TYPE& lhs, const TYPE& rhs) { template inline void construct_type(TYPE* p, size_t n) { if (!traits::has_trivial_ctor) { - while (n--) { + while (n > 0) { + n--; new(p++) TYPE; } } @@ -140,7 +141,8 @@ void construct_type(TYPE* p, size_t n) { template inline void destroy_type(TYPE* p, size_t n) { if (!traits::has_trivial_dtor) { - while (n--) { + while (n > 0) { + n--; p->~TYPE(); p++; } @@ -150,7 +152,8 @@ void destroy_type(TYPE* p, size_t n) { template inline void copy_type(TYPE* d, const TYPE* s, size_t n) { if (!traits::has_trivial_copy) { - while (n--) { + while (n > 0) { + n--; new(d) TYPE(*s); d++, s++; } @@ -162,12 +165,14 @@ void copy_type(TYPE* d, const TYPE* s, size_t n) { template inline void splat_type(TYPE* where, const TYPE* what, size_t n) { if (!traits::has_trivial_copy) { - while (n--) { + while (n > 0) { + n--; new(where) TYPE(*what); where++; } } else { - while (n--) { + while (n > 0) { + n--; *where++ = *what; } } @@ -182,7 +187,8 @@ void move_forward_type(TYPE* d, const TYPE* s, size_t n = 1) { } else { d += n; s += n; - while (n--) { + while (n > 0) { + n--; --d, --s; if (!traits::has_trivial_copy) { new(d) TYPE(*s); @@ -203,7 +209,8 @@ void move_backward_type(TYPE* d, const TYPE* s, size_t n = 1) { { memmove(d,s,n*sizeof(TYPE)); } else { - while (n--) { + while (n > 0) { + n--; if (!traits::has_trivial_copy) { new(d) TYPE(*s); } else {