[libcxx-commits] [libcxx] [libc++] Fix possible out of range access in bitset (PR #121348)

Peng Liu via libcxx-commits libcxx-commits at lists.llvm.org
Sun Jun 1 09:54:26 PDT 2025 

================
@@ -219,12 +224,66 @@ protected:
   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 void operator^=(const __bitset& __v) _NOEXCEPT;
 
   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 void flip() _NOEXCEPT;
+
+  // unsigned long spans only one word
+  template <typename _StorageType                                             = __storage_type,
+            __enable_if_t<sizeof(_StorageType) >= sizeof(unsigned long), int> = 0>
+  _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 unsigned long __to_ulong() const {
+    return static_cast<unsigned long>(__first_[0]);
+  }
+
+  // unsigned long may span multiple words which are concatenated to form the result
+  template <typename _StorageType                                            = __storage_type,
+            __enable_if_t<sizeof(_StorageType) < sizeof(unsigned long), int> = 0>
+  _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 unsigned long __to_ulong() const {
+    const size_t __ul_words = (sizeof(unsigned long) - 1) / sizeof(__storage_type) + 1;
+    const size_t __n_words  = _N_words < __ul_words ? _N_words : __ul_words;
+    unsigned long __r       = static_cast<unsigned long>(__first_[0]);
+    for (size_t __i = 1; __i < __n_words; ++__i)
+      __r |= static_cast<unsigned long>(__first_[__i]) << (__bits_per_word * __i);
+    return __r;
+  }
+
+  // _Bit_size > sizeof(unsigned long) * CHAR_BIT: overflow check needed
+  template <size_t _Bit_size = _Size, __enable_if_t<(_Bit_size > sizeof(unsigned long) * CHAR_BIT), int> = 0>
+  _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 unsigned long to_ulong() const {
+    if (auto __e = __make_iter(_Bit_size); std::find(__make_iter(sizeof(unsigned long) * CHAR_BIT), __e, true) != __e)
+      std::__throw_overflow_error("__bitset<_N_words, _Size>::__to_ulong overflow error");
+
+    return __to_ulong();
+  }
+
+  // _Bit_size <= sizeof(unsigned long) * CHAR_BIT: no overflow check needed
+  template <size_t _Bit_size = _Size, __enable_if_t<(_Bit_size <= sizeof(unsigned long) * CHAR_BIT), int> = 0>
   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 unsigned long to_ulong() const {
-    return to_ulong(integral_constant < bool, _Size< sizeof(unsigned long) * CHAR_BIT>());
+    return __to_ulong();
   }
+
+#  ifndef _LIBCPP_CXX03_LANG
   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 unsigned long long to_ullong() const {
-    return to_ullong(integral_constant < bool, _Size< sizeof(unsigned long long) * CHAR_BIT>());
+    // Check for overflow if _Size does not fit in unsigned long long
+    if _LIBCPP_CONSTEXPR (_Size > sizeof(unsigned long long) * CHAR_BIT) {
----------------
winner245 wrote:

I agree. I've made the function available in C++03 as an extension. 

https://github.com/llvm/llvm-project/pull/121348

More information about the libcxx-commits mailing list