[libcxx-commits] [libcxx] b5abd50 - [libc++] span: Guard against overflow in span::subspan

Louis Dionne via libcxx-commits libcxx-commits at lists.llvm.org
Wed Feb 12 07:21:56 PST 2020


Author: Louis Dionne
Date: 2020-02-12T16:21:46+01:00
New Revision: b5abd50f06966af28df4f80850f006c9cda7a07e

URL: https://github.com/llvm/llvm-project/commit/b5abd50f06966af28df4f80850f006c9cda7a07e
DIFF: https://github.com/llvm/llvm-project/commit/b5abd50f06966af28df4f80850f006c9cda7a07e.diff

LOG: [libc++] span: Guard against overflow in span::subspan

The calculation _Offset + _Count <= size() may overflow, so use
_Count <= size() - _Offset instead. Note that this is safe due to
the previous constraint that _Offset <= size().

Patch by Michael Schellenberger Costa.

Differential Revision: https://reviews.llvm.org/D71998

Added: 
    libcxx/test/std/containers/views/span.sub/subspan.fail.cpp

Modified: 
    libcxx/include/span

Removed: 
    


################################################################################
diff  --git a/libcxx/include/span b/libcxx/include/span
index a5362ca91cf1..82bcbff402b1 100644
--- a/libcxx/include/span
+++ b/libcxx/include/span
@@ -278,6 +278,7 @@ public:
         -> span<element_type, _Count != dynamic_extent ? _Count : _Extent - _Offset>
     {
         static_assert(_Offset <= _Extent, "Offset out of range in span::subspan()");
+        static_assert(_Count == dynamic_extent || _Count <= _Extent - _Offset, "Offset + count out of range in span::subspan()");
         return {data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
     }
 
@@ -290,7 +291,7 @@ public:
         _LIBCPP_ASSERT(__count  <= size() || __count == dynamic_extent, "Count out of range in span::subspan(offset, count)");
         if (__count == dynamic_extent)
             return {data() + __offset, size() - __offset};
-        _LIBCPP_ASSERT(__offset <= size() - __count, "count + offset out of range in span::subspan(offset, count)");
+        _LIBCPP_ASSERT(__count <= size() - __offset, "Offset + count out of range in span::subspan(offset, count)");
         return {data() + __offset, __count};
     }
 
@@ -447,7 +448,7 @@ public:
     constexpr span<element_type, _Count> subspan() const noexcept
     {
         _LIBCPP_ASSERT(_Offset <= size(), "Offset out of range in span::subspan()");
-        _LIBCPP_ASSERT(_Count == dynamic_extent || _Offset + _Count <= size(), "Count out of range in span::subspan()");
+        _LIBCPP_ASSERT(_Count == dynamic_extent || _Count <= size() - _Offset, "Offset + count out of range in span::subspan()");
         return {data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
     }
 
@@ -459,7 +460,7 @@ public:
         _LIBCPP_ASSERT(__count  <= size() || __count == dynamic_extent, "count out of range in span::subspan(offset, count)");
         if (__count == dynamic_extent)
             return {data() + __offset, size() - __offset};
-        _LIBCPP_ASSERT(__offset <= size() - __count, "Offset + count out of range in span::subspan(offset, count)");
+        _LIBCPP_ASSERT(__count <= size() - __offset, "Offset + count out of range in span::subspan(offset, count)");
         return {data() + __offset, __count};
     }
 

diff  --git a/libcxx/test/std/containers/views/span.sub/subspan.fail.cpp b/libcxx/test/std/containers/views/span.sub/subspan.fail.cpp
new file mode 100644
index 000000000000..08ec3c97c36f
--- /dev/null
+++ b/libcxx/test/std/containers/views/span.sub/subspan.fail.cpp
@@ -0,0 +1,52 @@
+// -*- C++ -*-
+//===------------------------------ span ---------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===---------------------------------------------------------------------===//
+// UNSUPPORTED: c++98, c++03, c++11, c++14, c++17
+
+// <span>
+
+// template<size_t Offset, size_t Count = dynamic_extent>
+//   constexpr span<element_type, see below> subspan() const;
+//
+// constexpr span<element_type, dynamic_extent> subspan(
+//   size_type offset, size_type count = dynamic_extent) const;
+//
+//  Requires: offset <= size() &&
+//            (count == dynamic_extent || count <= size() - offset)
+
+#include <span>
+
+#include "test_macros.h"
+
+constexpr int carr[] = {1, 2, 3, 4};
+
+int main(int, char**) {
+  std::span<const int, 4> sp(carr);
+
+  //  Offset too large templatized
+  {
+    [[maybe_unused]] auto s1 = sp.subspan<5>(); // expected-error-re at span:* {{static_assert failed{{( due to requirement '.*')?}} "Offset out of range in span::subspan()"}}
+  }
+
+  //  Count too large templatized
+  {
+    [[maybe_unused]] auto s1 = sp.subspan<0, 5>(); // expected-error-re at span:* {{static_assert failed{{( due to requirement '.*')?}} "Offset + count out of range in span::subspan()"}}
+  }
+
+  //  Offset + Count too large templatized
+  {
+    [[maybe_unused]] auto s1 = sp.subspan<2, 3>(); // expected-error-re at span:* {{static_assert failed{{( due to requirement '.*')?}} "Offset + count out of range in span::subspan()"}}
+  }
+
+  //  Offset + Count overflow templatized
+  {
+    [[maybe_unused]] auto s1 = sp.subspan<3, std::size_t(-2)>(); // expected-error-re at span:* {{static_assert failed{{( due to requirement '.*')?}} "Offset + count out of range in span::subspan()"}}, expected-error-re at span:* {{array is too large{{(.* elements)}}}}
+  }
+
+  return 0;
+}


        


More information about the libcxx-commits mailing list