[llvm-bugs] [Bug 41618] New: off-by-one error in check for vector::size() exceeding max_size()
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Apr 26 12:29:48 PDT 2019
https://bugs.llvm.org/show_bug.cgi?id=41618
Bug ID: 41618
Summary: off-by-one error in check for vector::size() exceeding max_size()
Product: libc++
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: All Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: richard-llvm at metafoo.co.uk
CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
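Testcase:

#include <cstddef>
#include <vector>

// T is the element type under test: bool or int in the results below.
using T = int;

// Returns the max_size() the implementation reports for std::vector<T>.
size_t e() {
  std::vector<T> vb;
  return vb.max_size();
}

// Starts at max_size() elements and adds one more.
size_t f() {
  std::vector<T> vb(e());
  vb.push_back({});
  return vb.size();
}

// Starts at max_size() elements and adds two more.
size_t g() {
  std::vector<T> vb(e());
  vb.push_back({});
  vb.push_back({});
  return vb.size();
}
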
Compiling with -m32, we find:
* when T = bool, e() returns 0x7fffffff, f() does not throw and returns
0x80000000, and g() throws length_error
* when T = int, e() returns 0x3fffffff, f() does not throw and returns 0 (!),
and g() calls 'operator new(0xfffffffd)' which presumably throws bad_alloc()
I've not tested other container types.
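
The same boundary can be checked without -m32 or gigabytes of memory by capping max_size() through the allocator. The following is an added example, not code from the bug report or from libc++; `CappedAlloc`, `Outcome` and `probe` are hypothetical names, and it only reports what the standard library in use does at the boundary, it does not claim to reproduce the 32-bit results above.

```cpp
// Added example: probe push_back() behaviour when size() == max_size().
#include <cstddef>
#include <new>
#include <stdexcept>
#include <vector>

// Hypothetical allocator that advertises a max_size() of Cap elements.
template <class T, std::size_t Cap>
struct CappedAlloc {
    using value_type = T;
    CappedAlloc() = default;
    template <class U> CappedAlloc(const CappedAlloc<U, Cap>&) noexcept {}
    template <class U> struct rebind { using other = CappedAlloc<U, Cap>; };
    std::size_t max_size() const noexcept { return Cap; }
    T* allocate(std::size_t n) {
        if (n > Cap) throw std::bad_alloc();  // request beyond the advertised limit
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t) noexcept { ::operator delete(p); }
};
template <class T, class U, std::size_t C>
bool operator==(const CappedAlloc<T, C>&, const CappedAlloc<U, C>&) { return true; }
template <class T, class U, std::size_t C>
bool operator!=(const CappedAlloc<T, C>&, const CappedAlloc<U, C>&) { return false; }

enum class Outcome { LengthError, OtherException, GrewPastMax };

// Fill a vector to max_size(), then push `extra` more elements
// (extra = 1 mirrors f() in the testcase, extra = 2 mirrors g()).
template <class T, std::size_t Cap>
Outcome probe(int extra) {
    std::vector<T, CappedAlloc<T, Cap>> v;
    v.resize(v.max_size());
    try {
        for (int i = 0; i < extra; ++i) v.push_back(T{});
    } catch (const std::length_error&) {
        return Outcome::LengthError;      // the size check rejected the growth
    } catch (...) {
        return Outcome::OtherException;   // e.g. bad_alloc from the allocator
    }
    return Outcome::GrewPastMax;          // size() now exceeds max_size()
}

int main() { return probe<int, 8>(1) == Outcome::LengthError ? 0 : 1; }
```

`Outcome::GrewPastMax` for `extra = 1` is the symptom described for f(); a library that checks the bound correctly returns `Outcome::LengthError` for both calls.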