Fix improper dereference of end() iterator. Patch by Argiris Kirtzidis!

author Ted Kremenek <kremenek@apple.com>

Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)

committer Ted Kremenek <kremenek@apple.com>

Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)
author Ted Kremenek <kremenek@apple.com>
Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)
committer Ted Kremenek <kremenek@apple.com>
Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)
diff --git a/lib/Analysis/ExplodedGraph.cpp b/lib/Analysis/ExplodedGraph.cpp

index 3788551be00bba633cc6d4176aac2b3341953339..c184d1ec42f33ac48731f8b2c5a87ff9025dcca2 100644 (file)
--- a/lib/Analysis/ExplodedGraph.cpp
+++ b/lib/Analysis/ExplodedGraph.cpp
@@ -80,8 +80,11 @@ ExplodedNodeImpl** ExplodedNodeImpl::NodeGroup::end() const {
    
    if (getKind() == Size1)
      return (ExplodedNodeImpl**) (getPtr() ? &P+1 : NULL);
-  else
-    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()));
+  else {
+    // Dereferencing end() is undefined behaviour. The vector is not empty, so
+    // we can dereference the last elem (end()-1) and then add 1 to the result.
+    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()-1)) + 1;
+  }
  }
  
  ExplodedNodeImpl::NodeGroup::~NodeGroup() {
author	Ted Kremenek <kremenek@apple.com>
	Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Sun, 20 Apr 2008 23:54:24 +0000 (23:54 +0000)