[libcxx-commits] [libcxx] [libc++] Add missing assertion in std::span constructor (PR #118396)
David Benjamin via libcxx-commits
libcxx-commits at lists.llvm.org
Sun Jul 6 13:07:39 PDT 2025
davidben wrote:
While tripping this would let you access [0, N) without complaint, passing in a random other pointer and mismatched bounds would do the same thing, and `std::span` can't check that. I think, practically speaking, `std::span(ptr, len)` should be considered an unsafe function (in the sense of `-Wunsafe-buffer-usage`), with correctness being the caller's responsibility.
So I agree with @mxms0 that this doesn't really belong in `_LIBCPP_HARDENING_MODE_FAST`. Practically speaking, I expect the compiler would never be able to optimize this out in general user code, and security-wise, we already have to rely on the caller for bounds-safety of this function. (At least until `-fbounds-safety` gets added to C++, at which point perhaps those caller preconditions could be captured.)
https://github.com/llvm/llvm-project/pull/118396