[libcxx-commits] [PATCH] D158940: [libc++][format] Fixes out of bounds access.
Mark de Wever via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Tue Aug 29 10:14:43 PDT 2023
Mordante updated this revision to Diff 554416.
Mordante added a comment.
Rebased and addressed review comments
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D158940/new/
https://reviews.llvm.org/D158940
Files:
libcxx/include/__format/format_functions.h
libcxx/test/std/utilities/format/format.functions/format_tests.h
libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp
Index: libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp
===================================================================
--- libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp
+++ libcxx/test/std/utilities/format/format.functions/vformat.pass.cpp
@@ -50,6 +50,17 @@
};
int main(int, char**) {
+#if !defined(TEST_HAS_NO_EXCEPTIONS)
+ // reproducer of https://llvm.org/PR65011
+ try {
+ const char fmt[] = {'{', '0'};
+ char buf[4096];
+ [[maybe_unused]] auto ignored =
+ std::vformat_to(buf, std::string_view{fmt, fmt + sizeof(fmt)}, std::make_format_args());
+ } catch (...) {
+ }
+#endif // !defined(TEST_HAS_NO_EXCEPTIONS)
+
format_tests<char, execution_modus::full>(test, test_exception);
#ifndef TEST_HAS_NO_WIDE_CHARACTERS
Index: libcxx/test/std/utilities/format/format.functions/format_tests.h
===================================================================
--- libcxx/test/std/utilities/format/format.functions/format_tests.h
+++ libcxx/test/std/utilities/format/format.functions/format_tests.h
@@ -3145,8 +3145,13 @@
// *** Test invalid format strings ***
check_exception("The format string terminates at a '{'", SV("{"));
+ check_exception("The argument index value is too large for the number of arguments supplied", SV("{:"));
check_exception("The replacement field misses a terminating '}'", SV("{:"), 42);
+ check_exception("The argument index should end with a ':' or a '}'", SV("{0"));
+ check_exception("The argument index value is too large for the number of arguments supplied", SV("{0:"));
+ check_exception("The replacement field misses a terminating '}'", SV("{0:"), 42);
+
check_exception("The format string contains an invalid escape sequence", SV("}"));
check_exception("The format string contains an invalid escape sequence", SV("{:}-}"), 42);
Index: libcxx/include/__format/format_functions.h
===================================================================
--- libcxx/include/__format/format_functions.h
+++ libcxx/include/__format/format_functions.h
@@ -245,6 +245,9 @@
using _CharT = iter_value_t<_Iterator>;
__format::__parse_number_result __r = __format::__parse_arg_id(__begin, __end, __parse_ctx);
+ if (__r.__last == __end)
+ std::__throw_format_error("The argument index should end with a ':' or a '}'");
+
bool __parse = *__r.__last == _CharT(':');
switch (*__r.__last) {
case _CharT(':'):
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D158940.554416.patch
Type: text/x-patch
Size: 2450 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20230829/73f35969/attachment.bin>
More information about the libcxx-commits
mailing list