[libcxx-commits] [PATCH] D155873: [libc++][hardening] Categorize more assertions.

Konstantin Varlamov via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Fri Jul 21 10:23:12 PDT 2023 

var-const added inline comments.


================
Comment at: libcxx/include/string:956
       : __r_(__default_init_tag(), __default_init_tag()) {
-    _LIBCPP_ASSERT_UNCATEGORIZED(__n == 0 || __s != nullptr, "basic_string(const char*, n) detected nullptr");
+    _LIBCPP_ASSERT_NON_NULL(__n == 0 || __s != nullptr, "basic_string(const char*, n) detected nullptr");
     __init(__s, __n);
----------------
ldionne wrote:
> I think a lot of these `NON_NULL` checks are actually `VALID_RANGE` checks. http://eel.is/c++draft/iterators#iterator.requirements.general-11
> 
> Here we seem to be using `__s != nullptr` as a way to say `__s` is dereferenceable. Do we want to move these checks to `ASSERT_VALID_RANGE`? Do we want these checks in hardened mode? I'm not sure, I think we should probably review this with a security specialist.
It's a great question and a topic for discussion, IMO. I think reviewing this with a security expert would be great.

I'd prefer to avoid blocking the patch on this, though, given that the branch cutoff date is coming up, and a large part of the patch seems to be more straightforward than the questions related to non-null checks. I'd remove the `NON_NULL` part from this patch and do it in a follow-up instead, does that sound reasonable to you?


================
Comment at: libcxx/include/string:963
       : __r_(__default_init_tag(), __a) {
-    _LIBCPP_ASSERT_UNCATEGORIZED(__n == 0 || __s != nullptr,
-                                 "basic_string(const char*, n, allocator) detected nullptr");
+    _LIBCPP_ASSERT_NON_NULL(__n == 0 || __s != nullptr,
+                            "basic_string(const char*, n, allocator) detected nullptr");
----------------
ldionne wrote:
> Separate from the `ASSERT_VALID_RANGE` question, do we want to introduce helper functions to help checking whether a range is valid?
Yes, this is something I'd really love to do. I'd do this in a separate patch, though, if that's okay.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D155873/new/

https://reviews.llvm.org/D155873

More information about the libcxx-commits mailing list