Merge pull request #148 from pitrou:ubsan-ptr-add-overflow

PiperOrigin-RevId: 463090354
author: Victor Costan <pwnall@chromium.org> 2022-07-27 15:28:16 +0000
committer: Victor Costan <pwnall@chromium.org> 2022-07-27 15:28:16 +0000
commit: af720f9a3b2c831f173b6074961737516f2d3a46 (patch)
tree: fae6aac54d71768c6b17ea6a64c86a8e41967624
parent: 44caf79086541716b0fce0fe7047cb76e4165b04 (diff)
parent: 64df9f28c8452500506af3361dd079e78f736ad5 (diff)
download: snappy-git-af720f9a3b2c831f173b6074961737516f2d3a46.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/snappy.cc b/snappy.cc
index ff3a9ed..6502cfd 100644
--- a/snappy.cc
+++ b/snappy.cc
@@ -340,7 +340,8 @@ static inline bool Copy64BytesWithPatternExtension(char* dst, size_t offset) {
   if (SNAPPY_PREDICT_TRUE(offset < 16)) {
     if (SNAPPY_PREDICT_FALSE(offset == 0)) return false;
     // Extend the pattern to the first 16 bytes.
-    for (int i = 0; i < 16; i++) dst[i] = dst[i - offset];
+    // The simpler formulation of `dst[i - offset]` induces undefined behavior.
+    for (int i = 0; i < 16; i++) dst[i] = (dst - offset)[i];
     // Find a multiple of pattern >= 16.
     static std::array<uint8_t, 16> pattern_sizes = []() {
       std::array<uint8_t, 16> res;
author	Victor Costan <pwnall@chromium.org>	2022-07-27 15:28:16 +0000
committer	Victor Costan <pwnall@chromium.org>	2022-07-27 15:28:16 +0000
commit	af720f9a3b2c831f173b6074961737516f2d3a46 (patch)
tree	fae6aac54d71768c6b17ea6a64c86a8e41967624
parent	44caf79086541716b0fce0fe7047cb76e4165b04 (diff)
parent	64df9f28c8452500506af3361dd079e78f736ad5 (diff)
download	snappy-git-af720f9a3b2c831f173b6074961737516f2d3a46.tar.gz