[llvm-bugs] [Bug 48189] New: Unsigned Integer Overflow when comparing strings (|s1|<|s2|)

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Nov 15 23:07:45 PST 2020 

https://bugs.llvm.org/show_bug.cgi?id=48189

            Bug ID: 48189
           Summary: Unsigned Integer Overflow when comparing strings
                    (|s1|<|s2|)
           Product: clang
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
          Assignee: unassignedclangbugs at nondot.org
          Reporter: jerryc443 at gmail.com
                CC: blitzrakete at gmail.com, dgregor at apple.com,
                    erik.pilkington at gmail.com, llvm-bugs at lists.llvm.org,
                    richard-llvm at metafoo.co.uk

Sample code:

```cpp
bool b = std::string() < "1";
```


Run this with UBSAN enabled, I got the following output: (`clang 11 using
libstdc++, -std=c++20`)

```
/usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/basic_string.h:403:51:
runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type
'unsigned long'
    #0 0x428a8e in std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >::_S_compare(unsigned long, unsigned long)
/usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/basic_string.h:403:51
    #1 0x42870c in std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >::compare(char const*) const
/usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/basic_string.tcc:1429:8
    #2 0x4273b7 in
decltype(__detail::__char_traits_cmp_cat<std::char_traits<char> >(0))
std::operator<=><char, std::char_traits<char>, std::allocator<char>
>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, char const*)
/usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/basic_string.h:6216:61
    #3 0x4271f5 in main ***
    #4 0x7f13e917dcc9 in __libc_start_main csu/../csu/libc-start.c:308:16

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/basic_string.h:403:51
in 
```

See:
https://github.com/google/sanitizers/issues/1346
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97844

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20201116/2f72e810/attachment-0001.html>

More information about the llvm-bugs mailing list