[libcxx-commits] [libcxx] [libc++] Add missing assertion in std::span constructor (PR #118396)

Louis Dionne via libcxx-commits libcxx-commits at lists.llvm.org
Wed Dec 4 13:01:05 PST 2024


ldionne wrote:

> No strong feelings about keeping the non-null category for strictly null. Can we put it into an assert category besides `FAST`? Indeed it won't be null, but on most platforms the first page (or more) is unmappable. I'm not too strongly opinionated, but I am interested in keeping span cheap and keeping checks in `_LIBCPP_HARDENING_MODE_FAST` as security-related as possible.

My rationale for making it `_LIBCPP_ASSERT_VALID_INPUT_RANGE` was that creating such a span would then allow you to access the region of memory `[0, N)` freely without complaint, and that seemed like something potentially dangerous. `N` can potentially be something large, so in theory you could end up getting a "blessed handle" to dereference an arbitrary address unless I missed something.

Thanks for bringing this up -- we also care strongly about keeping the fast mode fast and strictly for security issues, and these discussions are important and healthy to have. In light of the above, do you still feel like it should probably not be included in the fast mode?

https://github.com/llvm/llvm-project/pull/118396
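As an added illustration (not libc++'s code and not this PR's diff), a minimal span-like type that enforces the precondition under discussion at construction time: a null data pointer is only acceptable together with a size of zero, so the object can never become a handle to `[0, N)` for `N > 0`. The `DEMO_ASSERT_VALID_INPUT_RANGE` macro and `checked_span` are stand-ins assumed for the example, not libc++'s real macro or class.

```cpp
// Added example, not libc++ code: a span-like type whose constructor
// rejects (nullptr, N > 0) instead of blessing accesses into [0, N).
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Stand-in for a hardening assertion macro (hypothetical; the real
// libc++ macro is not reproduced here). Aborts on a failed precondition.
#define DEMO_ASSERT_VALID_INPUT_RANGE(cond, msg)                          \
  do {                                                                    \
    if (!(cond)) {                                                        \
      std::fputs("precondition failed: " msg "\n", stderr);               \
      std::abort();                                                       \
    }                                                                     \
  } while (0)

// The precondition itself, factored out so it can be checked without
// going through the abort path: a null pointer is only valid with size 0.
constexpr bool span_ctor_precondition_ok(const void* data, std::size_t count) {
  return data != nullptr || count == 0;
}

template <class T>
class checked_span {
 public:
  checked_span(T* data, std::size_t count) : data_(data), size_(count) {
    DEMO_ASSERT_VALID_INPUT_RANGE(span_ctor_precondition_ok(data, count),
                                  "null pointer with non-zero size");
  }
  // Bounds-checked element access; with the constructor check above, a
  // null data_ implies size_ == 0, so this can never dereference address i.
  T& operator[](std::size_t i) const {
    DEMO_ASSERT_VALID_INPUT_RANGE(i < size_, "index out of bounds");
    return data_[i];
  }
  std::size_t size() const { return size_; }

 private:
  T* data_;
  std::size_t size_;
};

// Sums a span of ints; shows that a valid construction behaves normally.
inline int sum_span(checked_span<const int> s) {
  int total = 0;
  for (std::size_t i = 0; i < s.size(); ++i) total += s[i];
  return total;
}

int main() {
  static const int buf[4] = {1, 2, 3, 4};  // constructed sample input
  std::printf("sum = %d\n", sum_span(checked_span<const int>(buf, 4)));
  checked_span<const int> empty(nullptr, 0);  // allowed: null with size 0
  std::printf("empty size = %zu\n", empty.size());
  // checked_span<const int>(nullptr, 1024) would abort here rather than
  // hand out a handle covering [0, 1024).
  return 0;
}
```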