[llvm-bugs] [Bug 46665] New: istream::ignore has undefined behaviour for large files
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Jul 9 14:22:25 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=46665
Bug ID: 46665
Summary: istream::ignore has undefined behaviour for large files
Product: libc++
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: zilla at kayari.org
CC: llvm-bugs at lists.llvm.org, mclow.lists at gmail.com
This program creates a custom streambuf that just keeps returning buffer after buffer filled with zero bytes until more than numeric_limits<streamsize>::max() bytes have been read, at which point it puts a single '1' into the buffer. Using istream::ignore to find that '1' causes an integer overflow in the istream::gcount() counter.
    #include <streambuf>
    #include <iostream>
    #include <memory>
    #include <limits>
    #include <cstring>
    #include <cassert>

    using namespace std;

    // Source of zero bytes that only yields a '1' once more than
    // numeric_limits<streamsize>::max() bytes have been handed out.
    struct buff : streambuf
    {
        streamsize xsgetn(char* s, streamsize n) final override
        {
            if (passed_max)
                return 0;                       // nothing more after the '1'
            else if ((numeric_limits<streamsize>::max() - count) < n)
            {
                s[n-1] = '1';                   // the delimiter ignore() is looking for
                passed_max = true;
            }
            else
                count += n;
            return n;
        }

        int underflow() override
        {
            auto n = xsgetn(buf, sizeof(buf));
            if (n == 0)
                return char_traits<char>::eof();
            this->setg(buf, buf, buf+n);
            return *buf;
        }

        bool passed_max = false;
        streamsize count = 0;
        char buf[1014 * 1024] = {};
    };

    int main()
    {
        auto p = make_unique<buff>();
        istream in(p.get());
        in.ignore(numeric_limits<streamsize>::max(), '1');
        assert(in.good());
        auto n = in.gcount();
        auto c = in.get();
        std::cout << n << ' ' << c << '\n';
        assert(c == char_traits<char>::eof());
        // assert(n == numeric_limits<streamsize>::max());
    }
Compiled for 32-bit (because otherwise it's hard to overflow streamsize!) with UBSan this gives a runtime error, and the value returned by gcount() is negative:
    $ clang++ sbuf.cc -m32 -O2 -fsanitize=undefined \
        -D_LIBCPP_DO_NOT_ASSUME_STREAMS_EXPLICIT_INSTANTIATION_IN_DYLIB -stdlib=libc++ \
        && ./a.out
    /usr/bin/../include/c++/v1/istream:974:21: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'std::__1::streamsize' (aka 'int')
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/bin/../include/c++/v1/istream:974:21 in
    -2146650112 -1
In this situation libstdc++ sets gcount() to numeric_limits<streamsize>::max() rather than overflowing.
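As an added illustration (not the reporter's code and not libc++'s or libstdc++'s implementation), here is the core of the ignore(n, delim) loop written over a plain streambuf with a count that clamps at numeric_limits<Count>::max() instead of wrapping. The count type is a template parameter, an assumption made here only so the saturation point can be reached with int8_t and a constructed 200-byte sample rather than a >2 GiB stream; a real istream uses streamsize.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <sstream>
#include <streambuf>
#include <string>

// Outcome of one ignore(): the count, why the loop stopped, next char left (eof() if none).
template <typename Count>
struct IgnoreResult { Count gcount; bool hit_eof; bool hit_delim; int next_char; };

// Mirrors the core of istream::ignore(n, delim): discard up to n characters, stopping
// after delim or at end of stream. The count saturates at numeric_limits<Count>::max()
// instead of overflowing. Count is a template parameter (an assumption made here for
// testability) so saturation is reachable with int8_t; a real stream uses streamsize.
template <typename Count = std::streamsize>
IgnoreResult<Count> ignore_saturating(std::streambuf& sb, Count n, int delim)
{
    using traits = std::char_traits<char>;
    constexpr Count kMax = std::numeric_limits<Count>::max();
    IgnoreResult<Count> r{0, false, false, traits::eof()};
    const bool unbounded = (n == kMax);   // n == max means "no limit", as in ignore()
    while (unbounded || n > 0) {
        const int c = sb.sbumpc();
        if (traits::eq_int_type(c, traits::eof())) { r.hit_eof = true; break; }
        if (r.gcount < kMax) ++r.gcount;  // clamp: never wraps to a negative value
        if (!unbounded) --n;
        if (c == delim) { r.hit_delim = true; break; }
    }
    r.next_char = sb.sgetc();
    return r;
}

// Constructed sample: 200 NUL bytes, the delimiter '1', then 'x'. With an 8-bit counter
// the delimiter lies past the counter's maximum (127): the report's scenario in miniature.
IgnoreResult<std::int8_t> demo_saturation()
{
    std::stringbuf sb(std::string(200, '\0') + "1x");
    return ignore_saturating<std::int8_t>(sb, std::numeric_limits<std::int8_t>::max(), '1');
}

int main()
{
    auto r = demo_saturation();   // prints "127 1 x" for the constructed sample
    std::cout << int(r.gcount) << ' ' << r.hit_delim << ' ' << char(r.next_char) << '\n';
}
```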