From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 957EA3858D32; Thu, 2 Nov 2023 08:47:24 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 957EA3858D32 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1698914844; bh=Qqt5wJNwlxzFlDeMTcarHveGCp34OEhS2K5JLLEiDOI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=lhDuOA9dm2xOrOMlC/T398qD/WEspIw2/NNGMfRk18xsUbjqIRiIN7rlYoblms6s7 Ygi38cxIhgttx/WFqz/BPB05Uf+lU4Io2L2QEorbg8EVaFkHAvazyrJ9sLHyLFvEvl KxLZQSGlL6FCiKWAebj0on200oLAtZWcUOGxHiPo= From: "jdapena at igalia dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/112314] Missing index assertions in basic_string_view Date: Thu, 02 Nov 2023 08:47:23 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: 12.3.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: jdapena at igalia dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D112314 --- Comment #2 from Jose Dapena Paz --- (In reply to Jonathan Wakely from comment #1) > For the second one, I did start work on a patch that attempts to verify t= hat > the provided length is not more than __builtin_object_size. I can't remem= ber > why I stopped working on that. There's no way to make that check 100% > reliable, because __builtin_object_size depends on optimizations and whet= her > the compiler can see enough data. I guess in this case a "best-effort" approach could be good enough? Providi= ng there are no false positives asserting for actually valid calls. In the cas= e of Chromium unit test it is passing a predefined const char[] so, at least mak= ing sure those cases are validated would add an extra layer of protection. In any case, the failing test is actually passing -1, my understanding is t= hat that one should always assert no matter what we are passing as const char*.=