This is an archive of the discontinued LLVM Phabricator instance.

Differential D156783

[libc++] Fix `std::out_of_range` thrown from `basic_stringbuf::str() &&`
ClosedPublic

Authored by pfusik on Aug 1 2023, 3:17 AM.

Details

Reviewers
Mordante
philnik
Group Reviewers
Restricted Project
Commits
rGf418cb1a9367: [libc++] Fix `std::out_of_range` thrown from `basic_stringbuf::str() &&`

Diff Detail

Unit TestsFailed

TimeTest
10,350 mslibcxx CI - Modular build > llvm-libc++-shared-cfg-in.libcxx/diagnostics::format.nodiscard_extensions.compile.pass.cpp
31,410 mslibcxx CI - Modular build > llvm-libc++-shared-cfg-in.libcxx/diagnostics::nodiscard_extensions.verify.cpp
34,120 mslibcxx CI - Modular build > llvm-libc++-shared-cfg-in.libcxx/diagnostics::pstl.nodiscard_extensions.compile.pass.cpp
46,460 mslibcxx CI - Modular build > llvm-libc++-shared-cfg-in.libcxx/experimental/memory/memory_polymorphic_allocator_class/memory_polymorphic_allocator_mem::construct_piecewise_pair.pass.cpp
7,800 mslibcxx CI - Modular build > llvm-libc++-shared-cfg-in.libcxx/localization/locales/locale_convenience/conversions/conversions_string::ctor_move.pass.cpp
View Full Test Results (47 Failed)

Event Timeline

pfusik created this revision.Aug 1 2023, 3:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 1 2023, 3:17 AM
pfusik requested review of this revision.Aug 1 2023, 3:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 1 2023, 3:17 AM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
pfusik mentioned this in D155276: [libc++] Implement ostringstream members of P0408R7 (Efficient Access to basic_stringbuf's Buffer).Aug 1 2023, 3:23 AM
pfusik added a subscriber: leonardchan.Aug 1 2023, 3:27 AM

Fixes a bug reported by @leonardchan at https://reviews.llvm.org/D155276
In the bug scenario, __view.data() == nullptr. The offset is validated by the string constructor/assign even if count == 0.

Harbormaster completed remote builds in B249439: Diff 545989.Aug 1 2023, 3:49 AM
Mordante added a subscriber: Mordante.Aug 1 2023, 8:46 AM

I just fixed the CI can you rebase this patch on main?

Mordante accepted this revision.Aug 1 2023, 8:58 AM

Thanks for the quick fix! LGTM modulo a comment.

After you land the patch, can you put it up for backporting to LLVM-17?
(The instructions are here https://www.llvm.org/docs/GitHub.html#backporting-fixes-to-the-release-branches)

libcxx/include/sstream
405

Depending on the order of evaluation __view.data() - __str_.data() may be used after __str_ has been moved. Lets determine the size before assign. This is pre-existing.

Whether this is save depends on the order in which the function arguments are evaluated. Clang and GCC use a different order.

This revision is now accepted and ready to land.Aug 1 2023, 8:58 AM
pfusik marked an inline comment as done.Aug 1 2023, 9:02 AM
pfusik added inline comments.
libcxx/include/sstream
405

I was also having this concern for a moment. :) But std::move is just a cast that does not modify its argument. The actual move is inside assign.

pfusik updated this revision to Diff 546095.Aug 1 2023, 9:33 AM
pfusik marked an inline comment as done.

Rebased.

Mordante added inline comments.Aug 1 2023, 10:43 AM
libcxx/include/sstream
405

Good point, you're right. It only does a cast and nothing else.

philnik added a subscriber: philnik.Aug 1 2023, 11:07 AM
philnik added inline comments.
libcxx/include/sstream
405

While that is true, I think moving the calculation out of the function call doesn't hurt. This would be a real bug if assign took the string by value, which makes this really subtile and definitely worthy of a comment if we were to keep it this way.

pfusik updated this revision to Diff 546158.Aug 1 2023, 11:22 AM
pfusik marked an inline comment as done.

Refactor a function argument to a variable (NFC).

philnik accepted this revision.Aug 1 2023, 11:23 AM
Harbormaster completed remote builds in B249561: Diff 546158.Aug 1 2023, 1:21 PM
pfusik updated this revision to Diff 546322.Aug 1 2023, 10:34 PM

Rebased.

Harbormaster completed remote builds in B249674: Diff 546322.Aug 2 2023, 7:11 AM
This revision was landed with ongoing or failed builds.Aug 2 2023, 7:27 AM
Closed by commit rGf418cb1a9367: [libc++] Fix `std::out_of_range` thrown from `basic_stringbuf::str() &&` (authored by pfusik). · Explain Why
This revision was automatically updated to reflect the committed changes.
pfusik added a commit: rGf418cb1a9367: [libc++] Fix `std::out_of_range` thrown from `basic_stringbuf::str() &&`.
pfusik added a comment.Aug 2 2023, 8:11 AM
In D156783#4550729, @Mordante wrote:

After you land the patch, can you put it up for backporting to LLVM-17?
(The instructions are here https://www.llvm.org/docs/GitHub.html#backporting-fixes-to-the-release-branches)

https://github.com/llvm/llvm-project/issues/64346

Revision Contents

PathSize
libcxx/
include/
6 lines
test/
std/
input.output/
string.streams/
istringstream/
istringstream.members/
6 lines
ostringstream/
ostringstream.members/
6 lines
stringbuf/
stringbuf.members/
6 lines
stringstream/
stringstream.members/
6 lines

Diff 546158

libcxx/include/sstream

Show First 20 LinesShow All 393 Lines▼ Show 20 Lines
#endif #endif
#if _LIBCPP_STD_VER <= 17 || defined(_LIBCPP_BUILDING_LIBRARY) #if _LIBCPP_STD_VER <= 17 || defined(_LIBCPP_BUILDING_LIBRARY)
string_type str() const; string_type str() const;
#else #else
_LIBCPP_HIDE_FROM_ABI_SSTREAM string_type str() const & { return str(__str_.get_allocator()); } _LIBCPP_HIDE_FROM_ABI_SSTREAM string_type str() const & { return str(__str_.get_allocator()); }
_LIBCPP_HIDE_FROM_ABI_SSTREAM string_type str() && { _LIBCPP_HIDE_FROM_ABI_SSTREAM string_type str() && {
string_type __result;
const basic_string_view<_CharT, _Traits> __view = view(); const basic_string_view<_CharT, _Traits> __view = view();
string_type __result(std::move(__str_), __view.data() - __str_.data(), __view.size()); if (!__view.empty()) {
auto __pos = __view.data() - __str_.data();
MordanteUnsubmitted
Done
ReplyInline Actions

Depending on the order of evaluation __view.data() - __str_.data() may be used after __str_ has been moved. Lets determine the size before assign. This is pre-existing.

Whether this is save depends on the order in which the function arguments are evaluated. Clang and GCC use a different order.

Mordante: Depending on the order of evaluation `__view.data() - __str_.data()` may be used after `__str_`…
pfusikAuthorUnsubmitted
Done
ReplyInline Actions

I was also having this concern for a moment. :) But std::move is just a cast that does not modify its argument. The actual move is inside assign.

pfusik: I was also having this concern for a moment. :) But `std::move` is just a cast that does not…
MordanteUnsubmitted
Done
ReplyInline Actions

Good point, you're right. It only does a cast and nothing else.

Mordante: Good point, you're right. It only does a cast and nothing else.
philnikUnsubmitted
Done
ReplyInline Actions

While that is true, I think moving the calculation out of the function call doesn't hurt. This would be a real bug if assign took the string by value, which makes this really subtile and definitely worthy of a comment if we were to keep it this way.

philnik: While that is true, I think moving the calculation out of the function call doesn't hurt. This…
__result.assign(std::move(__str_), __pos, __view.size());
}
__str_.clear(); __str_.clear();
__init_buf_ptrs(); __init_buf_ptrs();
return __result; return __result;
} }
#endif // _LIBCPP_STD_VER <= 17 || defined(_LIBCPP_BUILDING_LIBRARY) #endif // _LIBCPP_STD_VER <= 17 || defined(_LIBCPP_BUILDING_LIBRARY)
#if _LIBCPP_STD_VER >= 20 #if _LIBCPP_STD_VER >= 20
template <class _SAlloc> template <class _SAlloc>
▲ Show 20 LinesShow All 789 LinesShow Last 20 Lines

libcxx/test/std/input.output/string.streams/istringstream/istringstream.members/str.move.pass.cpp

Show All 25 Lines
template <class CharT> template <class CharT>
static void test() { static void test() {
{ {
std::basic_istringstream<CharT> ss(STR("testing")); std::basic_istringstream<CharT> ss(STR("testing"));
std::basic_string<CharT> s = std::move(ss).str(); std::basic_string<CharT> s = std::move(ss).str();
assert(s == STR("testing")); assert(s == STR("testing"));
assert(ss.view().empty()); assert(ss.view().empty());
} }
{
std::basic_istringstream<CharT> ss;
std::basic_string<CharT> s = std::move(ss).str();
assert(s.empty());
assert(ss.view().empty());
}
} }
int main(int, char**) { int main(int, char**) {
test<char>(); test<char>();
#ifndef TEST_HAS_NO_WIDE_CHARACTERS #ifndef TEST_HAS_NO_WIDE_CHARACTERS
test<wchar_t>(); test<wchar_t>();
#endif #endif
return 0; return 0;
} }

libcxx/test/std/input.output/string.streams/ostringstream/ostringstream.members/str.move.pass.cpp

Show All 25 Lines
template <class CharT> template <class CharT>
static void test() { static void test() {
{ {
std::basic_ostringstream<CharT> ss(STR("testing")); std::basic_ostringstream<CharT> ss(STR("testing"));
std::basic_string<CharT> s = std::move(ss).str(); std::basic_string<CharT> s = std::move(ss).str();
assert(s == STR("testing")); assert(s == STR("testing"));
assert(ss.view().empty()); assert(ss.view().empty());
} }
{
std::basic_ostringstream<CharT> ss;
std::basic_string<CharT> s = std::move(ss).str();
assert(s.empty());
assert(ss.view().empty());
}
} }
int main(int, char**) { int main(int, char**) {
test<char>(); test<char>();
#ifndef TEST_HAS_NO_WIDE_CHARACTERS #ifndef TEST_HAS_NO_WIDE_CHARACTERS
test<wchar_t>(); test<wchar_t>();
#endif #endif
return 0; return 0;
} }

libcxx/test/std/input.output/string.streams/stringbuf/stringbuf.members/str.move.pass.cpp

Show All 25 Lines
template <class CharT> template <class CharT>
static void test() { static void test() {
{ {
std::basic_stringbuf<CharT> buf(STR("testing")); std::basic_stringbuf<CharT> buf(STR("testing"));
std::basic_string<CharT> s = std::move(buf).str(); std::basic_string<CharT> s = std::move(buf).str();
assert(s == STR("testing")); assert(s == STR("testing"));
assert(buf.view().empty()); assert(buf.view().empty());
} }
{
std::basic_stringbuf<CharT> buf;
std::basic_string<CharT> s = std::move(buf).str();
assert(s.empty());
assert(buf.view().empty());
}
} }
int main(int, char**) { int main(int, char**) {
test<char>(); test<char>();
#ifndef TEST_HAS_NO_WIDE_CHARACTERS #ifndef TEST_HAS_NO_WIDE_CHARACTERS
test<wchar_t>(); test<wchar_t>();
#endif #endif
return 0; return 0;
} }

libcxx/test/std/input.output/string.streams/stringstream/stringstream.members/str.move.pass.cpp

Show All 25 Lines
template <class CharT> template <class CharT>
static void test() { static void test() {
{ {
std::basic_stringstream<CharT> ss(STR("testing")); std::basic_stringstream<CharT> ss(STR("testing"));
std::basic_string<CharT> s = std::move(ss).str(); std::basic_string<CharT> s = std::move(ss).str();
assert(s == STR("testing")); assert(s == STR("testing"));
assert(ss.view().empty()); assert(ss.view().empty());
} }
{
std::basic_stringstream<CharT> ss;
std::basic_string<CharT> s = std::move(ss).str();
assert(s.empty());
assert(ss.view().empty());
}
} }
int main(int, char**) { int main(int, char**) {
test<char>(); test<char>();
#ifndef TEST_HAS_NO_WIDE_CHARACTERS #ifndef TEST_HAS_NO_WIDE_CHARACTERS
test<wchar_t>(); test<wchar_t>();
#endif #endif
return 0; return 0;
} }