raw_ostream::operator<<(StringRef): Avoid potential overflow in pointer arithmetic.

(OutBufCur + Size) might overflow if Size were large. For example on i686-linux,

  OutBufCur: 0xFFFDF27D
  OutBufEnd: 0xFFFDF370
  Size:      0x0002BF20 (180,000)

It caused flaky error in MC/COFF/section-name-encoding.s.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@207621 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/llvm/Support/raw_ostream.h b/include/llvm/Support/raw_ostream.h
index 94e4b19b7afc0428a0313cd54cf74fe587bae297..34fbe082cda804178647039e0d00b9c30f6bd048 100644 (file)
--- a/include/llvm/Support/raw_ostream.h
+++ b/include/llvm/Support/raw_ostream.h
@@ -162,7 +162,7 @@ public:
     size_t Size = Str.size();
 
     // Make sure we can use the fast path.
-    if (OutBufCur+Size > OutBufEnd)
+    if (Size > (size_t)(OutBufEnd - OutBufCur))
       return write(Str.data(), Size);
 
     memcpy(OutBufCur, Str.data(), Size);