From 4c15d279e4d92b204275e973f2cedb76f63b0ac3 Mon Sep 17 00:00:00 2001
From: Frank Busse <bb0xfb@gmail.com>
Date: Thu, 17 May 2018 23:12:24 +0100
Subject: fix out of range access in KleeHandler::getKTestFilesInDir

---
 test/regression/2018-05-17-replay-short-names.c | 11 +++++++++++
 tools/klee/main.cpp                             | 10 +++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 test/regression/2018-05-17-replay-short-names.c

diff --git a/test/regression/2018-05-17-replay-short-names.c b/test/regression/2018-05-17-replay-short-names.c
new file mode 100644
index 00000000..c0b9023f
--- /dev/null
+++ b/test/regression/2018-05-17-replay-short-names.c
@@ -0,0 +1,11 @@
+// RUN: rm -rf a
+// RUN: mkdir a
+// RUN: touch a/b
+// RUN: %llvmgcc %s -emit-llvm -O0 -g -c -o %t1.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee -replay-ktest-dir=a --output-dir=%t.klee-out %t1.bc 2>&1
+//
+
+#include "klee/klee.h"
+
+int main(int argc, char * argv[]) {}
diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp
index ab9dfe28..1178c9cf 100644
--- a/tools/klee/main.cpp
+++ b/tools/klee/main.cpp
@@ -546,11 +546,11 @@ void KleeHandler::getKTestFilesInDir(std::string directoryPath,
 #else
   std::error_code ec;
 #endif
-  for (llvm::sys::fs::directory_iterator i(directoryPath, ec), e; i != e && !ec;
-       i.increment(ec)) {
-    std::string f = (*i).path();
-    if (f.substr(f.size()-6,f.size()) == ".ktest") {
-          results.push_back(f);
+  llvm::sys::fs::directory_iterator i(directoryPath, ec), e;
+  for (; i != e && !ec; i.increment(ec)) {
+    auto f = i->path();
+    if (f.size() >= 6 && f.substr(f.size()-6,f.size()) == ".ktest") {
+      results.push_back(f);
     }
   }
 
-- 
cgit 1.4.1