From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id D79F13987851; Wed, 24 Jun 2020 15:02:23 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D79F13987851
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1593010943;
 bh=Ew7vvi6v+r4Rruag7KGegAMQwF7wcExppeTaRonw30Y=;
 h=From:To:Subject:Date:In-Reply-To:References:From;
 b=AWik9tajEOU0oKFUHlRCPsx+8BLddVHBS19Vghbw8FGMuOuq94Qkic7JGUnDgf06F
 oMYOWs30P4yDzKdotj7lEU6Tqb6HwZb00r/c5FxA0JTM3GXyEyjg9JFXMJGSModSZV
 EJOuvv57FwNCSJHcRkj5uTEcegnoQYAMmHLPn0II=
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/95851] [10/11 Regression] std::to_chars(p, p, c, 2)
 segfault
Date: Wed, 24 Jun 2020 15:02:23 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: libstdc++
X-Bugzilla-Version: 10.1.1
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: redi at gcc dot gnu.org
X-Bugzilla-Target-Milestone: 10.2
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-95851-4-OLlWH7OhjW@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-95851-4@http.gcc.gnu.org/bugzilla/>
References: <bug-95851-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <http://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <http://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2020 15:02:24 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D95851

--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:

https://gcc.gnu.org/g:ff5c8fe44a98025c1e700cfc033247965e293869

commit r10-8360-gff5c8fe44a98025c1e700cfc033247965e293869
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Tue Jun 23 22:47:58 2020 +0100

    libstdc++: Fix std::to_chars buffer overflow (PR 95851)

    The __detail::__to_chars_2 function assumes it won't be called with zero
    values. However, when the output buffer is empty the caller doesn't
    handle zero values correctly, and calls __to_chars_2 with a zero value,
    resulting in an overflow of the empty buffer.

    The __detail::__to_chars_i function should just return immediately for
    an empty buffer, and otherwise ensure zero values are handled properly.

    libstdc++-v3/ChangeLog:

            PR libstdc++/95851
            * include/std/charconv (__to_chars_i): Check for zero-sized
            buffer unconditionally.
            * testsuite/20_util/to_chars/95851.cc: New test.

    (cherry picked from commit be50843754b4c4d47f0d628a84b3dbf2a4145a43)=