[libcxx-commits] [libcxx] [libc++][hardening] Check bounds on arithmetic in __bounded_iter (PR #78876)
David Benjamin via libcxx-commits
libcxx-commits at lists.llvm.org
Sun Feb 25 10:39:42 PST 2024
davidben wrote:
On phone so haven't looked carefully, but copy_span is a bit misleading of a baseline. I actually included it to demonstrate a different problem: we're not supposed to optimize everything out! For bounds safety, there should be a check that the destination is at least as large as the source. But the unwrapping mechanism in libc++ ends up bypassing the safety check before the compiler even sees it. This is #78771.
With this PR, the rewrap step ends up restoring the check, sort of. It happens after the copy instead of before, which is too late. I was thinking we'd fix that by first doing this, then adding some iterator arithmetic in front to get the check in the right order. But I haven't looked very carefully yet at the codegen just because it's still not doing the right thing anyway.
https://github.com/llvm/llvm-project/pull/78876
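To make the ordering problem in the comment above concrete, here is an added example (not libc++ code, and not part of the PR): a toy bounded iterator whose only check lives in arithmetic, and three copy variants. The first unwraps to raw pointers and never checks, the second rewraps by advancing the output iterator after the copy (so the check fires, but only after the writes have landed), and the third does the iterator arithmetic on the destination first, so the check fires before any write. The class names, `copy_result` struct and the oversized backing array are all constructed for the demo so that an overrun stays observable without touching memory the program does not own.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>

// Toy bounded iterator, constructed for this example. It mimics the idea of a
// pointer carrying its valid range but is not libc++'s __bounded_iter.
template <class T>
class bounded_iter {
  T* cur_;
  T* begin_;
  T* end_;
public:
  bounded_iter(T* cur, T* begin, T* end) : cur_(cur), begin_(begin), end_(end) {}
  T* unwrap() const { return cur_; }  // raw pointer: the range is lost here
  // The bounds check lives in arithmetic: the result must stay in [begin_, end_].
  bounded_iter& operator+=(std::ptrdiff_t n) {
    if (n > end_ - cur_ || n < begin_ - cur_) throw std::out_of_range("bounded_iter arithmetic");
    cur_ += n;
    return *this;
  }
  std::ptrdiff_t operator-(const bounded_iter& o) const { return cur_ - o.cur_; }
};

// Outcome of a copy attempt: whether a check fired, and how many elements
// had already been written to the destination by then.
struct copy_result {
  bool check_fired;
  std::ptrdiff_t elements_written;
};

// Variant 1: unwrap to raw pointers and copy. No check at all.
template <class T>
copy_result copy_unwrapped(bounded_iter<T> first, bounded_iter<T> last, bounded_iter<T> out) {
  T* f = first.unwrap();
  T* l = last.unwrap();
  T* o = out.unwrap();
  std::ptrdiff_t n = 0;
  for (; f != l; ++f, ++o, ++n) *o = *f;
  return {false, n};
}

// Variant 2: copy on raw pointers, then rewrap the output iterator by advancing
// it by the number copied. The check fires, but after the writes.
template <class T>
copy_result copy_rewrap_after(bounded_iter<T> first, bounded_iter<T> last, bounded_iter<T> out) {
  copy_result r = copy_unwrapped(first, last, out);
  try {
    out += r.elements_written;
  } catch (const std::out_of_range&) {
    r.check_fired = true;
  }
  return r;
}

// Variant 3: advance the destination iterator first; the check fires before
// anything is written, which is the order a bounds-safe copy needs.
template <class T>
copy_result copy_checked_first(bounded_iter<T> first, bounded_iter<T> last, bounded_iter<T> out) {
  std::ptrdiff_t n = last - first;
  bounded_iter<T> out_end = out;
  try {
    out_end += n;
  } catch (const std::out_of_range&) {
    return {true, 0};
  }
  return copy_unwrapped(first, last, out);
}

// Demo storage: the destination's declared range is only the first 2 ints of
// an 8-int backing array, so an overrun is visible in backing[2..3] and stays
// inside memory this program owns.
struct demo { int backing[8]; };

using copy_fn = copy_result (*)(bounded_iter<int>, bounded_iter<int>, bounded_iter<int>);

// Copies a 4-element source into a destination declared as 2 elements.
copy_result run_demo(copy_fn copy, demo& d) {
  int src[4] = {1, 2, 3, 4};
  for (int& x : d.backing) x = 0;
  bounded_iter<int> first(src, src, src + 4);
  bounded_iter<int> last(src + 4, src, src + 4);
  bounded_iter<int> out(d.backing, d.backing, d.backing + 2);  // declared range [0, 2)
  return copy(first, last, out);
}

// True if anything past the destination's declared end was written.
bool overran(const demo& d) { return d.backing[2] != 0 || d.backing[3] != 0; }

int main() {
  demo d;
  copy_fn variants[] = {copy_unwrapped<int>, copy_rewrap_after<int>, copy_checked_first<int>};
  const char* names[] = {"unwrapped", "rewrap after", "checked first"};
  for (int i = 0; i < 3; ++i) {
    copy_result r = run_demo(variants[i], d);
    std::printf("%-14s check_fired=%d written=%td overran=%d\n",
                names[i], r.check_fired, r.elements_written, overran(d));
  }
  return 0;
}
```

Only the third variant stops the write: the rewrap variant reports a failure, but by the time its check runs the destination has already been overrun, which is the "too late" ordering described in the comment.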