Fix a buffer overflow noticed by gcc-4.6: zero is written into

SmallArray[SmallSize] in the SmallPtrSetIteratorImpl, and this is
one off the end of the array.  For those who care, right now gcc
warns about writing off the end because it is confused about the
declaration of SmallArray as having length 1 in the parent class
SmallPtrSetIteratorImpl.  However if you tweak code to unconfuse
it, then it still warns about writing off the end of the array,
because of this buffer overflow.  In short, even with this fix
gcc-4.6 will warn about writing off the end of the array, but now
that is only because it is confused.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@107200 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/llvm/ADT/SmallPtrSet.h b/include/llvm/ADT/SmallPtrSet.h
index 48637f37a2c2e704c27bdce940f129533b85f2bd..f1405fab9cb05d6e06028bb25d125c5e08663b9d 100644 (file)
--- a/include/llvm/ADT/SmallPtrSet.h
+++ b/include/llvm/ADT/SmallPtrSet.h
@@ -233,7 +233,7 @@ template<class PtrType, unsigned SmallSize>
 class SmallPtrSet : public SmallPtrSetImpl {
   // Make sure that SmallSize is a power of two, round up if not.
   enum { SmallSizePowTwo = NextPowerOfTwo<SmallSize>::Val };
 class SmallPtrSet : public SmallPtrSetImpl {
   // Make sure that SmallSize is a power of two, round up if not.
   enum { SmallSizePowTwo = NextPowerOfTwo<SmallSize>::Val };

-  void *SmallArray[SmallSizePowTwo];
+  void *SmallArray[SmallSizePowTwo+1];

   typedef PointerLikeTypeTraits<PtrType> PtrTraits;
 public:
   SmallPtrSet() : SmallPtrSetImpl(SmallSizePowTwo) {}
   typedef PointerLikeTypeTraits<PtrType> PtrTraits;
 public:
   SmallPtrSet() : SmallPtrSetImpl(SmallSizePowTwo) {}