[llvm-bugs] [Bug 26812] New: possible overflow issue in std::allocator::allocate
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Mar 2 06:54:59 PST 2016
https://llvm.org/bugs/show_bug.cgi?id=26812
Bug ID: 26812
Summary: possible overflow issue in std::allocator::allocate
Product: libc++
Version: 3.8
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: ionelpopescu97 at yahoo.com
CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
Classification: Unclassified
std::allocator::allocate is currently implemented like this:
_LIBCPP_INLINE_VISIBILITY pointer allocate(size_type __n,
allocator<void>::const_pointer = 0)
{return static_cast<pointer>(_VSTD::__allocate(__n * sizeof(_Tp)));}
If __n > allocator::max_size() this will cause an overflow ant the result will
not be throwing a std::bad_alloc, but instead it will allocate a size
determined by overflow.
It should be better implemented like this:
_LIBCPP_INLINE_VISIBILITY pointer allocate(size_type __n,
allocator<void>::const_pointer = 0)
{
if (__n > max_size()) {
#ifndef _LIBCPP_NO_EXCEPTIONS
throw std::bad_alloc();
#endif
}
return static_cast<pointer>(_VSTD::__allocate(__n * sizeof(_Tp)));
}
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160302/6ba9c669/attachment.html>
More information about the llvm-bugs
mailing list