From 5f4aba6c8a73b51f583da7f4823c04531bfeb2ab Mon Sep 17 00:00:00 2001
From: NAKAMURA Takumi <geek4civic@gmail.com>
Date: Wed, 30 Apr 2014 09:33:50 +0000
Subject: raw_ostream::operator<<(StringRef): Avoid potential overflow in
 pointer arithmetic.

(OutBufCur + Size) might overflow if Size were large. For example on i686-linux,

  OutBufCur: 0xFFFDF27D
  OutBufEnd: 0xFFFDF370
  Size:      0x0002BF20 (180,000)

It caused flaky error in MC/COFF/section-name-encoding.s.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@207621 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/llvm/Support/raw_ostream.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/llvm/Support/raw_ostream.h b/include/llvm/Support/raw_ostream.h
index 94e4b19b7a..34fbe082cd 100644
--- a/include/llvm/Support/raw_ostream.h
+++ b/include/llvm/Support/raw_ostream.h
@@ -162,7 +162,7 @@ public:
     size_t Size = Str.size();
 
     // Make sure we can use the fast path.
-    if (OutBufCur+Size > OutBufEnd)
+    if (Size > (size_t)(OutBufEnd - OutBufCur))
       return write(Str.data(), Size);
 
     memcpy(OutBufCur, Str.data(), Size);
-- 
cgit v1.2.3