public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
[not found] <bug-21172-10482@http.gcc.gnu.org/bugzilla/>
@ 2006-04-17 18:35 ` pcarlini at suse dot de
2006-10-18 11:38 ` pcarlini at suse dot de
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2006-04-17 18:35 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from pcarlini at suse dot de 2006-04-17 18:35 -------
Working on a fix.
--
pcarlini at suse dot de changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |pcarlini at suse dot de
|dot org |
Status|NEW |ASSIGNED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
[not found] <bug-21172-10482@http.gcc.gnu.org/bugzilla/>
2006-04-17 18:35 ` [Bug libstdc++/21172] potential integer overflow error in STL heap functions pcarlini at suse dot de
@ 2006-10-18 11:38 ` pcarlini at suse dot de
2007-02-13 0:25 ` paolo at gcc dot gnu dot org
2007-02-13 0:26 ` pcarlini at suse dot de
3 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2006-10-18 11:38 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from pcarlini at suse dot de 2006-10-18 11:37 -------
A straightforward approach to the problem uses the unsigned type associated
with _Distance (via __gnu_cxx::__add_unsigned) to avoid the risk of overflows
in __adjust_heap completely. I'm currently looking into the cleanest way to
follow this route...
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
[not found] <bug-21172-10482@http.gcc.gnu.org/bugzilla/>
2006-04-17 18:35 ` [Bug libstdc++/21172] potential integer overflow error in STL heap functions pcarlini at suse dot de
2006-10-18 11:38 ` pcarlini at suse dot de
@ 2007-02-13 0:25 ` paolo at gcc dot gnu dot org
2007-02-13 0:26 ` pcarlini at suse dot de
3 siblings, 0 replies; 9+ messages in thread
From: paolo at gcc dot gnu dot org @ 2007-02-13 0:25 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from paolo at gcc dot gnu dot org 2007-02-13 00:25 -------
Subject: Bug 21172
Author: paolo
Date: Tue Feb 13 00:25:30 2007
New Revision: 121875
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=121875
Log:
2007-02-12 Paolo Carlini <pcarlini@suse.de>
PR libstdc++/21172
* include/bits/stl_heap.h (__adjust_heap(_RandomAccessIterator,
_Distance, _Distance, _Tp), __adjust_heap(_RandomAccessIterator,
_Distance, _Distance, _Tp, _Compare)): Avoid potential integer
overflow.
* include/bits/stl_heap.h (__is_heap(_RandomAccessIterator,
_RandomAccessIterator), __is_heap(_RandomAccessIterator,
_RandomAccessIterator, _StrictWeakOrdering): Mark inline.
(make_heap(_RandomAccessIterator, _RandomAccessIterator,
_Compare)): Do not mark inline.
* include/bits/stl_heap.h (push_heap(_RandomAccessIterator,
_RandomAccessIterator), sort_heap(_RandomAccessIterator,
_RandomAccessIterator)): Uncomment __glibcxx_requires_heap.
Modified:
trunk/libstdc++-v3/ChangeLog
trunk/libstdc++-v3/include/bits/stl_heap.h
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
[not found] <bug-21172-10482@http.gcc.gnu.org/bugzilla/>
` (2 preceding siblings ...)
2007-02-13 0:25 ` paolo at gcc dot gnu dot org
@ 2007-02-13 0:26 ` pcarlini at suse dot de
3 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2007-02-13 0:26 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from pcarlini at suse dot de 2007-02-13 00:26 -------
Fixed.
--
pcarlini at suse dot de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
Target Milestone|--- |4.3.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
` (3 preceding siblings ...)
2005-04-28 0:08 ` pcarlini at suse dot de
@ 2005-04-28 0:11 ` pcarlini at suse dot de
4 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2005-04-28 0:11 UTC (permalink / raw)
To: gcc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed| |1
Last reconfirmed|0000-00-00 00:00:00 |2005-04-28 00:11:11
date| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
` (2 preceding siblings ...)
2005-04-27 19:26 ` pcarlini at suse dot de
@ 2005-04-28 0:08 ` pcarlini at suse dot de
2005-04-28 0:11 ` pcarlini at suse dot de
4 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2005-04-28 0:08 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pcarlini at suse dot de 2005-04-28 00:08 -------
Ok, let's reopen the PR as "enhancement": actually, it's easy to produce a
testcase that leads to __secondChild growing beyond __len and the latter
can be equal to the biggest representable _Distance.
--
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
Status|RESOLVED |UNCONFIRMED
Resolution|INVALID |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
2005-04-26 15:21 ` [Bug libstdc++/21172] " pcarlini at suse dot de
2005-04-27 19:09 ` pete_a90 at yahoo dot com
@ 2005-04-27 19:26 ` pcarlini at suse dot de
2005-04-28 0:08 ` pcarlini at suse dot de
2005-04-28 0:11 ` pcarlini at suse dot de
4 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2005-04-27 19:26 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pcarlini at suse dot de 2005-04-27 19:26 -------
Please, either provide an analysis that the problem really happens, *given the
specific algorithm*, or provide a testcase.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
2005-04-26 15:21 ` [Bug libstdc++/21172] " pcarlini at suse dot de
@ 2005-04-27 19:09 ` pete_a90 at yahoo dot com
2005-04-27 19:26 ` pcarlini at suse dot de
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: pete_a90 at yahoo dot com @ 2005-04-27 19:09 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pete_a90 at yahoo dot com 2005-04-27 19:09 -------
I know there are no practical risks to this (heap isn't that popular and it's practically impossible to allocate an array that large) but it won't work if the user made a custom iterator with unsigned char as the size_type and signed char as the distance_type on a machine with small chars. The initialization of __secondChild isn't the problem, it's the updating of it in the loop that will cause it.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libstdc++/21172] potential integer overflow error in STL heap functions
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
@ 2005-04-26 15:21 ` pcarlini at suse dot de
2005-04-27 19:09 ` pete_a90 at yahoo dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: pcarlini at suse dot de @ 2005-04-26 15:21 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pcarlini at suse dot de 2005-04-26 15:21 -------
Actually, all the callers of __adjust_heap either pass a null second argument,
or a "small" second argument (case of make_heap). Thus, no real risks. Notice
that the function is an internal detail (double underscore prefix) and is not
supposed to be externally used.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21172
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2007-02-13 0:26 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-21172-10482@http.gcc.gnu.org/bugzilla/>
2006-04-17 18:35 ` [Bug libstdc++/21172] potential integer overflow error in STL heap functions pcarlini at suse dot de
2006-10-18 11:38 ` pcarlini at suse dot de
2007-02-13 0:25 ` paolo at gcc dot gnu dot org
2007-02-13 0:26 ` pcarlini at suse dot de
2005-04-23 9:13 [Bug libstdc++/21172] New: " pete_a90 at yahoo dot com
2005-04-26 15:21 ` [Bug libstdc++/21172] " pcarlini at suse dot de
2005-04-27 19:09 ` pete_a90 at yahoo dot com
2005-04-27 19:26 ` pcarlini at suse dot de
2005-04-28 0:08 ` pcarlini at suse dot de
2005-04-28 0:11 ` pcarlini at suse dot de
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).