From 47facd6d200a72323b953e55d2b95877d807c274 Mon Sep 17 00:00:00 2001
From: Enrico Guiraud <enrico.guiraud@cern.ch>
Date: Mon, 19 Apr 2021 15:30:54 +0200
Subject: [PATCH] [IO] Fix out of bounds read in TClassEdit

When doing I/O of RVec objects, TClassEdit::STLArgs was accessing
an element one after the end of a static array. asan rightly complains.

This commit fixes https://github.com/root-project/root/issues/7903,
which contains more details.
---
 core/foundation/src/TClassEdit.cxx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/foundation/src/TClassEdit.cxx b/core/foundation/src/TClassEdit.cxx
index a45b431a5dc..7b6ed0a36dd 100644
--- a/core/foundation/src/TClassEdit.cxx
+++ b/core/foundation/src/TClassEdit.cxx
@@ -560,8 +560,9 @@ int   TClassEdit::STLArgs(int kind)
    static const char  stln[] =// min number of container arguments
       //     vector, list, deque, map, multimap, set, multiset, bitset,
       {    1,     1,    1,     1,   3,        3,   2,        2,      1,
-      // forward_list, unordered_set, unordered_multiset, unordered_map, unordered_multimap
-                    1,             3,                  3,             4,                  4};
+      // forward_list, unordered_set, unordered_multiset, unordered_map, unordered_multimap, ROOT::RVec
+                    1,             3,                  3,             4,                  4,          1};
+   assert(std::size_t(kind) < sizeof(stln) && "index is out of bounds");
 
    return stln[kind];
 }
-- 
GitLab