[libcxx-commits] [PATCH] D146294: [libcxx] Fix crash in std::stringstream with payload >= INT_MAX

Azat Khuzhin via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Sun Apr 9 08:52:05 PDT 2023


azat marked an inline comment as done.
azat added inline comments.


================
Comment at: libcxx/include/sstream:475
     {
         typename string_type::size_type __sz = __str_.size();
         __hm_ = const_cast<char_type*>(__str_.data()) + __sz;
----------------
azat wrote:
> Mordante wrote:
> > This type is most likely `std::size_t`, and `__pbump` takes a `streamsize` which is signed. Why is this overflow save?
> Yeah, you are right, so it seems that both places needs this while loop, or maybe I could introduce another helper instead of using this loop? (asking because I'm not sure about adding new symbols to the libc++, since this can change ABI, though it is protected)
Actually only this hunk is wrong, so I simply remove this change from the patch, to keep this bug fix as simple as possible.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D146294/new/

https://reviews.llvm.org/D146294



More information about the libcxx-commits mailing list