[libcxx] r297355 - Disable unsigned integer sanitizer for basic_string::replace(). Patch from tomcherry at google.com

Eric Fiselier via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 8 17:54:13 PST 2017


Author: ericwf
Date: Wed Mar  8 19:54:13 2017
New Revision: 297355

URL: http://llvm.org/viewvc/llvm-project?rev=297355&view=rev
Log:
Disable unsigned integer sanitizer for basic_string::replace(). Patch from tomcherry at google.com

basic_string::replace() has the below line

__sz += __n2 - __n1;

which fails the unsigned overflow check if __n1 > __n2: the subtraction
cannot produce a negative value, so it wraps around to a large unsigned
value, and adding that value to the original __sz then wraps again.

This behavior is valid as unsigned integer overflow is defined to wrap
around the maximum value and that produces the correct final value for
__sz.  Therefore, we disable this check on this function.

Modified:
    libcxx/trunk/include/string

Modified: libcxx/trunk/include/string
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/include/string?rev=297355&r1=297354&r2=297355&view=diff
==============================================================================
--- libcxx/trunk/include/string (original)
+++ libcxx/trunk/include/string Wed Mar  8 19:54:13 2017
@@ -2560,6 +2560,7 @@ basic_string<_CharT, _Traits, _Allocator
 template <class _CharT, class _Traits, class _Allocator>
 basic_string<_CharT, _Traits, _Allocator>&
 basic_string<_CharT, _Traits, _Allocator>::replace(size_type __pos, size_type __n1, const value_type* __s, size_type __n2)
+    _LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK
 {
     _LIBCPP_ASSERT(__n2 == 0 || __s != nullptr, "string::replace received nullptr");
     size_type __sz = size();
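Review bot: Putting `_LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK` on the whole definition here (and again on the `replace(size_type, size_type, size_type, value_type)` overload in the third hunk) turns off unsigned-wrap reporting for every size computation in the function, not just the one statement the log message describes. The body continues outside this hunk, so any other unsigned arithmetic in it (not visible here) would lose sanitizer coverage in exactly the kind of length bookkeeping where an unintended wrap matters. If `__n1` is already bounded by `__sz` and the new size is known to fit when control reaches `__finish`, neither of which the hunk shows, the update could be written as `__sz = __sz - __n1 + __n2;` and the attribute dropped. Otherwise consider isolating the wrapping update in a small annotated helper so the rest of the body stays checked.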
@@ -2599,6 +2600,8 @@ basic_string<_CharT, _Traits, _Allocator
         }
         traits_type::move(__p + __pos, __s, __n2);
 __finish:
+// __sz += __n2 - __n1; in this and the below function below can cause unsigned integer overflow,
+// but this is a safe operation, so we disable the check.
         __sz += __n2 - __n1;
         __set_size(__sz);
         __invalidate_iterators_past(__sz);
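Review bot: The added comment before `__sz += __n2 - __n1;` has a duplicated word ("the below function below"), sits at column 0 inside an indented block, and says the operation is safe without saying why. Something like `// __n2 - __n1 wraps when __n1 > __n2; size_type arithmetic is modular, so the sum is still the correct new size.`, indented with the statement, would let a reader verify the claim. Since the attribute that actually disables the check is on the function signature in a different hunk, the comment should name `_LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK` so the two can be found together. The enclosing function starts and ends outside this hunk.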
@@ -2612,6 +2615,7 @@ __finish:
 template <class _CharT, class _Traits, class _Allocator>
 basic_string<_CharT, _Traits, _Allocator>&
 basic_string<_CharT, _Traits, _Allocator>::replace(size_type __pos, size_type __n1, size_type __n2, value_type __c)
+    _LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK
 {
     size_type __sz = size();
     if (__pos > __sz)



