[libcxx] r345067 - When filling a vector<bool> with stuff, initialize the last word of the storage that you're touching. Otherwise, when we lay down the bits with operator&=, we get UB from reading uninitialized memory. Fixes Bug 39354. Thanks to David Wagner for the bug report.

[Marshall Clow]

Author: marshall
Date: Tue Oct 23 11:38:15 2018
New Revision: 345067

URL: http://llvm.org/viewvc/llvm-project?rev=345067&view=rev
Log:
When filling a vector<bool> with stuff, initialize the last word of the storage that you're touching. Otherwise, when we lay down the bits with operator&=, we get UB from reading uninitialized memory. Fixes Bug 39354. Thanks to David Wagner for the bug report.

Modified:
    libcxx/trunk/include/vector

Modified: libcxx/trunk/include/vector
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/include/vector?rev=345067&r1=345066&r2=345067&view=diff
==============================================================================
--- libcxx/trunk/include/vector (original)
+++ libcxx/trunk/include/vector Tue Oct 23 11:38:15 2018
@@ -2606,6 +2606,8 @@ vector<bool, _Allocator>::__construct_at
 {
     size_type __old_size = this->__size_;
     this->__size_ += __n;
+    if (__old_size == 0 || (__old_size / __bits_per_word) != (this->__size_ / __bits_per_word))
+    	this->__begin_[this->__size_ / __bits_per_word] = __storage_type(0);
     _VSTD::fill_n(__make_iter(__old_size), __n, __x);
 }
 
@@ -2620,6 +2622,8 @@ vector<bool, _Allocator>::__construct_at
 {
     size_type __old_size = this->__size_;
     this->__size_ += _VSTD::distance(__first, __last);
+    if (__old_size == 0 || (__old_size / __bits_per_word) != (this->__size_ / __bits_per_word))
+    	this->__begin_[this->__size_ / __bits_per_word] = __storage_type(0);
     _VSTD::copy(__first, __last, __make_iter(__old_size));
 }