public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char>
@ 2015-02-13 9:11 redi at gcc dot gnu.org
2015-02-13 9:13 ` [Bug libstdc++/65049] " redi at gcc dot gnu.org
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-02-13 9:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
Bug ID: 65049
Summary: Undefined behaviour with std::char_traits<char>
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
#include <string>
int main()
{
const char* p = 0;
char* q = 0;
std::char_traits<char>::compare(p, q, 0);
std::char_traits<char>::find(p, 0, '0');
std::char_traits<char>::move(q, p, 0);
std::char_traits<char>::copy(q, p, 0);
std::char_traits<char>::assign(q, 0, '0');
}
Compiled with ubsan:
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:259:48: runtime error:
null pointer passed as argument 1, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:259:48: runtime error:
null pointer passed as argument 2, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:267:77: runtime error:
null pointer passed as argument 1, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:271:74: runtime error:
null pointer passed as argument 1, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:271:74: runtime error:
null pointer passed as argument 2, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:275:73: runtime error:
null pointer passed as argument 1, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:275:73: runtime error:
null pointer passed as argument 2, which is declared to never be null
/home/jwakely/gcc/5/include/c++/5.0.0/bits/char_traits.h:279:71: runtime error:
null pointer passed as argument 1, which is declared to never be null
We need to check for __n > 0 here:
static int
compare(const char_type* __s1, const char_type* __s2, size_t __n)
{ return __builtin_memcmp(__s1, __s2, __n); }
Similarly for find, move, copy, assign.
This is a real problem, GCC 4.9+ will optimize away null checks based on calls
to these functions.
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
@ 2015-02-13 9:13 ` redi at gcc dot gnu.org
2015-02-13 9:31 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-02-13 9:13 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Last reconfirmed| |2015-02-13
Ever confirmed|0 |1
--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Similarly for char_traits<wchar_t>
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
2015-02-13 9:13 ` [Bug libstdc++/65049] " redi at gcc dot gnu.org
@ 2015-02-13 9:31 ` jakub at gcc dot gnu.org
2015-02-13 9:35 ` redi at gcc dot gnu.org
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: jakub at gcc dot gnu.org @ 2015-02-13 9:31 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Is it well defined C++? If yes, I'm afraid you need to add if (__n) guard, or
test for pointers being non-NULL.
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
2015-02-13 9:13 ` [Bug libstdc++/65049] " redi at gcc dot gnu.org
2015-02-13 9:31 ` jakub at gcc dot gnu.org
@ 2015-02-13 9:35 ` redi at gcc dot gnu.org
2015-08-24 13:44 ` redi at gcc dot gnu.org
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-02-13 9:35 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Yes, unfortunately the C++ standard doesn't define those members in terms of
the C library calls they correspond to, and doesn't say anything special about
null pointers, so they're required to handle null (I'm considering whether that
could be considered a defect, we might want to forbid nulls so I'll raise that
with the committee).
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
` (2 preceding siblings ...)
2015-02-13 9:35 ` redi at gcc dot gnu.org
@ 2015-08-24 13:44 ` redi at gcc dot gnu.org
2015-09-30 13:30 ` redi at gcc dot gnu.org
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-08-24 13:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Author: redi
Date: Mon Aug 24 13:43:54 2015
New Revision: 227127
URL: https://gcc.gnu.org/viewcvs?rev=227127&root=gcc&view=rev
Log:
PR libstdc++/65049
* include/bits/char_traits.h (char_traits<char>::compare,
char_traits<char>::find, char_traits<char>::move,
char_traits<char>::copy, char_traits<char>::assign): Check for zero
length.
(char_traits<wchar_t>::compare, char_traits<wchar_t>::find,
char_traits<wchar_t>::move, char_traits<wchar_t>::copy,
char_traits<wchar_t>::assign): Likewise.
(char_traits<char16_t>::move, char_traits<char16_t>::copy): Likewise.
(char_traits<char32_t>::move, char_traits<char32_t>::copy): Likewise.
* include/ext/pod_char_traits.h (char_traits<character<>>::move,
char_traits<character<>>::copy): Likewise.
* testsuite/21_strings/char_traits/requirements/char/65049.cc: New.
* testsuite/21_strings/char_traits/requirements/char16_t/65049.cc:
New.
* testsuite/21_strings/char_traits/requirements/char32_t/65049.cc:
New.
* testsuite/21_strings/char_traits/requirements/wchar_t/65049.cc:
New.
Added:
trunk/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char/65049.cc
trunk/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char16_t/65049.cc
trunk/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char32_t/65049.cc
trunk/libstdc++-v3/testsuite/21_strings/char_traits/requirements/wchar_t/65049.cc
Modified:
trunk/libstdc++-v3/ChangeLog
trunk/libstdc++-v3/include/bits/char_traits.h
trunk/libstdc++-v3/include/ext/pod_char_traits.h
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
` (3 preceding siblings ...)
2015-08-24 13:44 ` redi at gcc dot gnu.org
@ 2015-09-30 13:30 ` redi at gcc dot gnu.org
2015-10-02 20:08 ` redi at gcc dot gnu.org
2015-10-02 20:09 ` redi at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-09-30 13:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |5.3
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
` (4 preceding siblings ...)
2015-09-30 13:30 ` redi at gcc dot gnu.org
@ 2015-10-02 20:08 ` redi at gcc dot gnu.org
2015-10-02 20:09 ` redi at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-10-02 20:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
--- Comment #5 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Author: redi
Date: Fri Oct 2 20:08:17 2015
New Revision: 228421
URL: https://gcc.gnu.org/viewcvs?rev=228421&root=gcc&view=rev
Log:
Backport PR libstdc++/65049 fix from mainline
PR libstdc++/65049
* include/bits/char_traits.h (char_traits<char>::compare,
char_traits<char>::find, char_traits<char>::move,
char_traits<char>::copy, char_traits<char>::assign): Check for zero
length.
(char_traits<wchar_t>::compare, char_traits<wchar_t>::find,
char_traits<wchar_t>::move, char_traits<wchar_t>::copy,
char_traits<wchar_t>::assign): Likewise.
(char_traits<char16_t>::move, char_traits<char16_t>::copy): Likewise.
(char_traits<char32_t>::move, char_traits<char32_t>::copy): Likewise.
* include/ext/pod_char_traits.h (char_traits<character<>>::move,
char_traits<character<>>::copy): Likewise.
* testsuite/21_strings/char_traits/requirements/char/65049.cc: New.
* testsuite/21_strings/char_traits/requirements/char16_t/65049.cc:
New.
* testsuite/21_strings/char_traits/requirements/char32_t/65049.cc:
New.
* testsuite/21_strings/char_traits/requirements/wchar_t/65049.cc:
New.
Added:
branches/gcc-5-branch/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char/65049.cc
branches/gcc-5-branch/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char16_t/65049.cc
branches/gcc-5-branch/libstdc++-v3/testsuite/21_strings/char_traits/requirements/char32_t/65049.cc
branches/gcc-5-branch/libstdc++-v3/testsuite/21_strings/char_traits/requirements/wchar_t/65049.cc
Modified:
branches/gcc-5-branch/libstdc++-v3/ChangeLog
branches/gcc-5-branch/libstdc++-v3/include/bits/char_traits.h
branches/gcc-5-branch/libstdc++-v3/include/ext/pod_char_traits.h
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug libstdc++/65049] Undefined behaviour with std::char_traits<char>
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
` (5 preceding siblings ...)
2015-10-02 20:08 ` redi at gcc dot gnu.org
@ 2015-10-02 20:09 ` redi at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: redi at gcc dot gnu.org @ 2015-10-02 20:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65049
Jonathan Wakely <redi at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #6 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Fixed for 5.3 and 6.0
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-10-02 20:09 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-13 9:11 [Bug libstdc++/65049] New: Undefined behaviour with std::char_traits<char> redi at gcc dot gnu.org
2015-02-13 9:13 ` [Bug libstdc++/65049] " redi at gcc dot gnu.org
2015-02-13 9:31 ` jakub at gcc dot gnu.org
2015-02-13 9:35 ` redi at gcc dot gnu.org
2015-08-24 13:44 ` redi at gcc dot gnu.org
2015-09-30 13:30 ` redi at gcc dot gnu.org
2015-10-02 20:08 ` redi at gcc dot gnu.org
2015-10-02 20:09 ` redi at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).