[libcxx-commits] [libcxx] [libc++][ranges][abi-break] Fix `movable_box` overwriting memory of data that lives in the tail padding (PR #71314)

Louis Dionne via libcxx-commits libcxx-commits at lists.llvm.org
Fri Dec 15 09:54:15 PST 2023


================
@@ -134,6 +134,13 @@ concept __doesnt_need_empty_state =
          // 2. Otherwise, movable-box<T> should store only a T if either T models movable or
          //    is_nothrow_move_constructible_v<T> is true.
          : movable<_Tp> || is_nothrow_move_constructible_v<_Tp>);
+
+// we can only use no_unique_address if _Tp has assignment operators,
+// so that we don't need to add our own assignment operator, which
+// contains problematic construct_at
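Review bot: The added comment ends on "problematic construct_at" without saying what the problem is, so a reader of this header cannot tell why no_unique_address is being restricted here. State the reason in the comment itself: going by the PR title, the concern is that the box's own assignment operator can overwrite data that lives in the tail padding. It would also help to spell the attribute as [[no_unique_address]], and to start the sentence with a capital letter and end it with a period, matching the "// 2. Otherwise, ..." comment just above.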
----------------
ldionne wrote:

```
When _Tp doesn't have an assignment operator, we must implement __movable_box's assignment operator
by doing destroy_at followed by construct_at. However, that implementation strategy leads to UB if the nested
_Tp is potentially overlapping [HERE EXPLAIN THE SITUATION SUMMARIZED IN https://github.com/llvm/llvm-project/issues/70494#issuecomment-1845646490].

Hence, when the _Tp doesn't have an assignment operator, we can't risk making it a potentially-overlapping
subobject because of the above, and we don't use [[no_unique_address]] in that case.
```

https://github.com/llvm/llvm-project/pull/71314

