[libcxx-commits] [libcxx] 53aed47 - [libcxx] Fix crash in std::stringstream with payload >= INT_MAX
Nikolas Klauser via libcxx-commits
libcxx-commits at lists.llvm.org
Wed May 17 09:21:15 PDT 2023
Author: Azat Khuzhin
Date: 2023-05-17T09:21:04-07:00
New Revision: 53aed4759b33e33614e0f4e321bc1ef764b6d5b6
URL: https://github.com/llvm/llvm-project/commit/53aed4759b33e33614e0f4e321bc1ef764b6d5b6
DIFF: https://github.com/llvm/llvm-project/commit/53aed4759b33e33614e0f4e321bc1ef764b6d5b6.diff
LOG: [libcxx] Fix crash in std::stringstream with payload >= INT_MAX
stringstream does works for payload > INT_MAX, however
stringstream::gcount() can break the internal field (__nout_) and this
breaks the stringstream itself, and so the program will crash.
Fix this, by using __pbump(streamsize) over pbump(int)
Note, libstdc++ does not have this bug.
Reviewed By: #libc, ldionne, Mordante
Spies: arichardson, Mordante, philnik, ldionne, libcxx-commits, mikhail.ramalho
Differential Revision: https://reviews.llvm.org/D146294
Added:
libcxx/test/std/input.output/string.streams/stringstream.members/gcount.pass.cpp
Modified:
libcxx/include/sstream
Removed:
################################################################################
diff --git a/libcxx/include/sstream b/libcxx/include/sstream
index 6dd581e30cb41..26c8992153225 100644
--- a/libcxx/include/sstream
+++ b/libcxx/include/sstream
@@ -646,7 +646,7 @@ basic_stringbuf<_CharT, _Traits, _Allocator>::seekoff(off_type __off,
if (__wch & ios_base::out)
{
this->setp(this->pbase(), this->epptr());
- this->pbump(__noff);
+ this->__pbump(__noff);
}
return pos_type(__noff);
}
diff --git a/libcxx/test/std/input.output/string.streams/stringstream.members/gcount.pass.cpp b/libcxx/test/std/input.output/string.streams/stringstream.members/gcount.pass.cpp
new file mode 100644
index 0000000000000..7dbd68ec43730
--- /dev/null
+++ b/libcxx/test/std/input.output/string.streams/stringstream.members/gcount.pass.cpp
@@ -0,0 +1,41 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+// All 32 bit arches that CI has:
+//
+// UNSUPPORTED: target=powerpc-ibm-aix
+// UNSUPPORTED: target=armv7l-linux-gnueabihf
+// UNSUPPORTED: target=armv8l-linux-gnueabihf
+// UNSUPPORTED: target=i686-w64-windows-gnu
+
+// Test that tellp() does not break the stringstream after INT_MAX, due to use
+// of pbump() that accept int.
+
+#include <cassert>
+#include <climits>
+#include <sstream>
+#include <string>
+
+int main(int, char**) {
+ std::stringstream ss;
+ std::string payload(INT_MAX - 1, '\0');
+
+ ss.write(payload.data(), payload.size());
+ assert(ss.tellp() == INT_MAX - 1);
+
+ ss.write("a", 1);
+ assert(ss.tellp() == INT_MAX);
+
+ ss.write("b", 1);
+ assert(ss.tellp() == INT_MAX + 1ULL);
+ // it fails only after previous tellp() corrupts the internal field with int
+ // overflow
+ assert(ss.tellp() == INT_MAX + 1ULL);
+
+ return 0;
+}
More information about the libcxx-commits
mailing list