[libcxx-commits] [PATCH] D155397: [libc++][format] Fixes an off by one error.
Mark de Wever via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Tue Jul 18 08:13:58 PDT 2023
Mordante added a comment.
In D155397#4506805 <https://reviews.llvm.org/D155397#4506805>, @dim wrote:
> In D155397#4506191 <https://reviews.llvm.org/D155397#4506191>, @ldionne wrote:
>
>> Did you find that with fuzzing?
>
> This was reported in the security bug tracker at https://bugs.chromium.org/p/llvm/issues/detail?id=48 . That issue was not accessible at first, but I have removed the security restriction now.
I indeed mentioned this privately to @ldionne since at that time the issue was still restricted.

In D155397#4510120 <https://reviews.llvm.org/D155397#4510120>, @avogelsgesang wrote:
> In D155397#4506191 <https://reviews.llvm.org/D155397#4506191>, @ldionne wrote:
>
>> Did you find that with fuzzing?
>
> We (a small team inside Salesforce) found this in one of our production builds by accident / sheer luck. We are using `-fexperimental-library` already, because we recompile the world anyway (and don't need ABI stability) and are happy to rewrite our code in case breaking API changes are applied to libc++ or the C++ standard.
>
> I agree that fuzzing might be a good idea for `std::format` to find this type of issue in a more structured way.

+1 This is already high on my priority list. D154140 <https://reviews.llvm.org/D154140> enables fuzzing in our CI so when that lands I will look into fuzzing.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D155397/new/
https://reviews.llvm.org/D155397