Page MenuHomePhabricator

Disable unsigned integer sanitizer for basic_string::replace()
ClosedPublic

Authored by tomcherry on Mar 8 2017, 3:37 PM.

Details

Summary

basic_string::replace() has the below line

sz += n2 - __n1;

which fails overflow checks if n1 > n2, as the negative result
from the subtraction then overflows the original __sz when added to
it.

This behavior is valid as unsigned integer overflow is defined to wrap
around the maximum value and that produces the correct final value for
__sz. Therefore, we disable this check on this function.

Event Timeline

tomcherry created this revision.Mar 8 2017, 3:37 PM
srhines added a subscriber: srhines.Mar 8 2017, 4:01 PM

You probably want to remove the Change-Id section above in your description (or at least drop that when you finally submit this to libc++).

tomcherry edited the summary of this revision. (Show Details)Mar 8 2017, 4:03 PM
EricWF added inline comments.Mar 8 2017, 4:35 PM
include/string
2559

Please put this comment inside one of the function bodies, right above the offending line.

I think putting it here will result in it maybe becoming unmaintained.

EricWF edited edge metadata.Mar 8 2017, 4:41 PM

Side note: There are plenty of tests in the test-suite that trigger this overflow, so no new tests are needed.

When I have time I'm going to enable -fsanitize=unsigned-integer-overflow once I have time to clean up any existing failures.

tomcherry updated this revision to Diff 91111.Mar 8 2017, 4:49 PM

Moved comments to an appropriate line

tomcherry marked an inline comment as done.Mar 8 2017, 4:50 PM
EricWF accepted this revision.Mar 8 2017, 4:53 PM

@Tom Do you have commit acces or would you like me to commit this for you?

This revision is now accepted and ready to land.Mar 8 2017, 4:53 PM

I don't have commit access, so please commit for me.

Thank you

EricWF closed this revision.Mar 8 2017, 6:06 PM

Committed in r297355.