[libcxx-commits] [PATCH] D68952: Guard against possible overflow in span.subspan
Casey Carter via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Sun Oct 20 21:01:35 PDT 2019
CaseyCarter requested changes to this revision.
CaseyCarter added inline comments.
================
Comment at: include/span:448
_LIBCPP_INLINE_VISIBILITY
- constexpr span<_Tp, dynamic_extent> subspan() const noexcept
+ constexpr span<element_type, dynamic_extent> subspan() const noexcept
{
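Review bot: The `+` line still spells the extent of the returned span as `dynamic_extent`, so this rename of the element type leaves the extent dynamic even though the body at line 451 distinguishes a fixed `_Count` from `dynamic_extent`. Consider carrying `_Count` in the return type, and since this edit is separate from the overflow guard named in the subject, mention it in the commit message or split it out.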
----------------
Pre-existing bug: The return type should be `span<element_type, _Count>`.
================
Comment at: include/span:451
_LIBCPP_ASSERT(_Offset <= size(), "Offset out of range in span::subspan()");
- _LIBCPP_ASSERT(_Count == dynamic_extent || _Offset + _Count <= size(), "Count out of range in span::subspan()");
+ _LIBCPP_ASSERT(_Count == dynamic_extent || _Offset <= size() - _Count, "Count out of range in span::subspan()");
return {data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
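Review bot: In the new assertion on the `+` line, `size() - _Count` wraps around whenever `_Count` is larger than `size()`, so `_Offset <= size() - _Count` can pass for an out-of-range count. Subtract the value that was already checked instead, `_Count <= size() - _Offset`, which cannot wrap because the preceding assertion established `_Offset <= size()`, and add a test with a `_Count` greater than `size()`.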
----------------
`_Offset <= size() - _Count` should be `_Count <= size() - _Offset` per the P/R of [LWG-3103](https://cplusplus.github.io/LWG/issue3103). `_Offset <= size() - _Count` admits `span("Hello").subspan<4, -size_t{2}>()` and returns an enormous invalid `span`.
Repository:
rCXX libc++
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D68952/new/
https://reviews.llvm.org/D68952
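The three forms of the count check discussed in this review, modelled as stand-alone functions (an added example, not libc++ code; the function names and the 8-bit exhaustive sweep are assumptions made for illustration). It runs the review's `subspan<4, -size_t{2}>()` input through each form and counts the out-of-range requests each form accepts.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Added model of the three checks in this review; T stands in for the unsigned
// size type and every function name below is hypothetical.
template <class T> constexpr bool is_dyn(T cnt) {            // cnt == dynamic_extent
    return cnt == std::numeric_limits<T>::max();
}
template <class T> constexpr bool check_original(T size, T off, T cnt) {
    return off <= size && (is_dyn(cnt) || static_cast<T>(off + cnt) <= size);
}
template <class T> constexpr bool check_patched(T size, T off, T cnt) {
    return off <= size && (is_dyn(cnt) || off <= static_cast<T>(size - cnt));
}
template <class T> constexpr bool check_lwg3103(T size, T off, T cnt) {
    // size - off cannot wrap: off <= size was established first.
    return off <= size && (is_dyn(cnt) || cnt <= static_cast<T>(size - off));
}

// Exhaustive over an 8-bit size type: count triples a check accepts although
// off + cnt, computed in int without wrap-around, exceeds size.
// Offsets above size are skipped because every form rejects them.
template <class Check> long false_accepts(Check check) {
    long n = 0;
    for (int s = 0; s < 256; ++s)
        for (int o = 0; o <= s; ++o)
            for (int c = 0; c < 255; ++c)          // 255 models dynamic_extent
                if (o + c > s && check(std::uint8_t(s), std::uint8_t(o), std::uint8_t(c)))
                    ++n;
    return n;
}
long fa_original() { return false_accepts(check_original<std::uint8_t>); }
long fa_patched()  { return false_accepts(check_patched<std::uint8_t>); }
long fa_lwg3103()  { return false_accepts(check_lwg3103<std::uint8_t>); }

int main() {
    // The review's input: size 6 ("Hello" plus terminator), offset 4, count -size_t{2}.
    const std::size_t size = 6, off = 4, cnt = -std::size_t{2};
    std::printf("original=%d patched=%d lwg3103=%d\n", check_original(size, off, cnt),
                check_patched(size, off, cnt), check_lwg3103(size, off, cnt));
    std::printf("8-bit false accepts: original=%ld patched=%ld lwg3103=%ld\n",
                fa_original(), fa_patched(), fa_lwg3103());
    return 0;
}
```
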