From 3e64427cb3381b6fdb498bcdbf2abef0bf22e0f0 Mon Sep 17 00:00:00 2001
From: Nick Lewycky <nicholas@mxc.ca>
Date: Sat, 25 Jun 2011 17:08:50 +0000
Subject: Enhance the sanity check for block sizes; check that the resulting
 pointer is pointing to the range [first character, last character] instead of
 just not after the last character. Patch by Yan Ivnitskiy!

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@133867 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Bitcode/BitstreamReader.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'include/llvm/Bitcode/BitstreamReader.h')

diff --git a/include/llvm/Bitcode/BitstreamReader.h b/include/llvm/Bitcode/BitstreamReader.h
index 779ef5f..0ca3ad1 100644
--- a/include/llvm/Bitcode/BitstreamReader.h
+++ b/include/llvm/Bitcode/BitstreamReader.h
@@ -375,10 +375,12 @@ public:
 
     // Check that the block wasn't partially defined, and that the offset isn't
     // bogus.
-    if (AtEndOfStream() || NextChar+NumWords*4 > BitStream->getLastChar())
+    const unsigned char *const SkipTo = NextChar + NumWords*4;
+    if (AtEndOfStream() || SkipTo > BitStream->getLastChar() ||
+                           SkipTo < BitStream->getFirstChar())
       return true;
 
-    NextChar += NumWords*4;
+    NextChar = SkipTo;
     return false;
   }
 
-- 
cgit v1.1