From: Ted Kremenek <kremenek@apple.com>
Date: Sun, 20 Apr 2008 23:54:24 +0000 (+0000)
Subject: Fix improper dereference of end() iterator.  Patch by Argiris Kirtzidis!
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7b989570f0fe262b6bdbad412577450c81304936;p=clang

Fix improper dereference of end() iterator.  Patch by Argiris Kirtzidis!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50012 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Analysis/ExplodedGraph.cpp b/lib/Analysis/ExplodedGraph.cpp
index 3788551be0..c184d1ec42 100644
--- a/lib/Analysis/ExplodedGraph.cpp
+++ b/lib/Analysis/ExplodedGraph.cpp
@@ -80,8 +80,11 @@ ExplodedNodeImpl** ExplodedNodeImpl::NodeGroup::end() const {
   
   if (getKind() == Size1)
     return (ExplodedNodeImpl**) (getPtr() ? &P+1 : NULL);
-  else
-    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()));
+  else {
+    // Dereferencing end() is undefined behaviour. The vector is not empty, so
+    // we can dereference the last elem (end()-1) and then add 1 to the result.
+    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()-1)) + 1;
+  }
 }
 
 ExplodedNodeImpl::NodeGroup::~NodeGroup() {