From: Benjamin Kramer <benny.kra@googlemail.com>
Date: Tue, 5 Jul 2011 11:13:37 +0000 (+0000)
Subject: Don't overread the buffer when an %x escape in inline asm ends prematurely.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bc57f3cfada779521b579ba184d70e0a6f98d62f;p=clang

Don't overread the buffer when an %x escape in inline asm ends prematurely.

Tested by valgrind & Sema/asm.c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134404 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/AST/Stmt.cpp b/lib/AST/Stmt.cpp
index 39f23fba9e..e293f324ab 100644
--- a/lib/AST/Stmt.cpp
+++ b/lib/AST/Stmt.cpp
@@ -366,6 +366,10 @@ unsigned AsmStmt::AnalyzeAsmString(llvm::SmallVectorImpl<AsmStringPiece>&Pieces,
     // Handle %x4 and %x[foo] by capturing x as the modifier character.
     char Modifier = '\0';
     if (isalpha(EscapedChar)) {
+      if (CurPtr == StrEnd) { // Premature end.
+        DiagOffs = CurPtr-StrStart-1;
+        return diag::err_asm_invalid_escape;
+      }
       Modifier = EscapedChar;
       EscapedChar = *CurPtr++;
     }