[libcxx-commits] [libcxx] f4c1e87 - [libc++][hardening] Reclassify string_view(ptr, len)'s size assertion (#79297)
via libcxx-commits
libcxx-commits at lists.llvm.org
Mon Mar 11 13:28:08 PDT 2024
Author: David Benjamin
Date: 2024-03-11T16:28:05-04:00
New Revision: f4c1e8747b33815969e60a53cab3dac4d0f55f6c
URL: https://github.com/llvm/llvm-project/commit/f4c1e8747b33815969e60a53cab3dac4d0f55f6c
DIFF: https://github.com/llvm/llvm-project/commit/f4c1e8747b33815969e60a53cab3dac4d0f55f6c.diff
LOG: [libc++][hardening] Reclassify string_view(ptr, len)'s size assertion (#79297)
The comment makes this error condition sound less problematic than it
is. If the length does not match the pointer's bounds, all
bounds-checking in string_view goes wrong. A length over PTRDIFF_MAX
cannot possibly be a correct bounds and was mostly an underflowed
negative number cast to a size_t.
The documentation for _LIBCPP_ASSERT_VALID_INPUT_RANGE discusses ranges
being valid, including an iterator and a count, which seemed appropriate
here.
Added:
Modified:
libcxx/include/string_view
Removed:
################################################################################
diff --git a/libcxx/include/string_view b/libcxx/include/string_view
index e0dd5c5b19ace0..e8584a69c1e1b3 100644
--- a/libcxx/include/string_view
+++ b/libcxx/include/string_view
@@ -310,9 +310,10 @@ public:
: __data_(__s),
__size_(__len) {
#if _LIBCPP_STD_VER >= 14
- // This will result in creating an invalid `string_view` object -- some calculations involving `size` would
- // overflow, making it effectively truncated.
- _LIBCPP_ASSERT_ARGUMENT_WITHIN_DOMAIN(
+ // Allocations must fit in `ptr
diff _t` for pointer arithmetic to work. If `__len` exceeds it, the input
+ // range could not have been valid. Most likely the caller underflowed some arithmetic and inadvertently
+ // passed in a negative length.
+ _LIBCPP_ASSERT_VALID_INPUT_RANGE(
__len <= static_cast<size_type>(numeric_limits<
diff erence_type>::max()),
"string_view::string_view(_CharT *, size_t): length does not fit in
diff erence_type");
_LIBCPP_ASSERT_NON_NULL(
More information about the libcxx-commits
mailing list