From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jwakely@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by sourceware.org (Postfix) with ESMTP id 90B8C3A78021
 for <gcc-patches@gcc.gnu.org>; Tue,  4 May 2021 22:19:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 90B8C3A78021
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-421-Osx9B8xSOzG8D-Wsg6pqIw-1; Tue, 04 May 2021 18:19:50 -0400
X-MC-Unique: Osx9B8xSOzG8D-Wsg6pqIw-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 30BAF801817;
 Tue,  4 May 2021 22:19:49 +0000 (UTC)
Received: from localhost (unknown [10.33.36.164])
 by smtp.corp.redhat.com (Postfix) with ESMTP id CDAB71002D71;
 Tue,  4 May 2021 22:19:48 +0000 (UTC)
Date: Tue, 4 May 2021 23:19:48 +0100
From: Jonathan Wakely <jwakely@redhat.com>
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: [committed 3/4] libstdc++: Fix undefined behaviour in std::string
Message-ID: <20210504221948.GN3008@redhat.com>
References: <YJHIB/bhVbWRUygY@redhat.com>
MIME-Version: 1.0
In-Reply-To: <YJHIB/bhVbWRUygY@redhat.com>
X-Clacks-Overhead: GNU Terry Pratchett
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/mixed; boundary="8gjvNdKnYEg0NgYj"
Content-Disposition: inline
X-Spam-Status: No, score=-15.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_PASS, TXREP autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 04 May 2021 22:19:53 -0000

--8gjvNdKnYEg0NgYj
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline

This fixes a ubsan error when constructing a string with a null pointer:

bits/basic_string.h:534:21: runtime error: applying non-zero offset 18446744073709551615 to null pointer

The _M_construct function only cares whether the second pointer is
non-null, so create a non-null value without undefined arithmetic.

We can also pass the random_access_iterator_tag directly to the
_M_construct function, to avoid going via the tag dispatching
_M_construct_aux, because we know we have pointers not integers here.

libstdc++-v3/ChangeLog:

         * include/bits/basic_string.h (basic_string(const CharT*, const A&)):
         Do not do arithmetic on null pointer.

Tested x86_64-linux. Committed to trunk.




--8gjvNdKnYEg0NgYj
Content-Type: text/x-patch; charset=us-ascii
Content-Disposition: attachment; filename="patch.txt"

commit 789c57bc5fe023fc6dc72ade4afcb0916ff788d3
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Tue May 4 15:49:38 2021

    libstdc++: Fix undefined behaviour in std::string
    
    This fixes a ubsan error when constructing a string with a null pointer:
    
    bits/basic_string.h:534:21: runtime error: applying non-zero offset 18446744073709551615 to null pointer
    
    The _M_construct function only cares whether the second pointer is
    non-null, so create a non-null value without undefined arithmetic.
    
    We can also pass the random_access_iterator_tag directly to the
    _M_construct function, to avoid going via the tag dispatching
    _M_construct_aux, because we know we have pointers not integers here.
    
    libstdc++-v3/ChangeLog:
    
            * include/bits/basic_string.h (basic_string(const CharT*, const A&)):
            Do not do arithmetic on null pointer.

diff --git a/libstdc++-v3/include/bits/basic_string.h b/libstdc++-v3/include/bits/basic_string.h
index fba7c6f3354..84356adc7ae 100644
--- a/libstdc++-v3/include/bits/basic_string.h
+++ b/libstdc++-v3/include/bits/basic_string.h
@@ -531,7 +531,12 @@ _GLIBCXX_BEGIN_NAMESPACE_CXX11
 #endif
       basic_string(const _CharT* __s, const _Alloc& __a = _Alloc())
       : _M_dataplus(_M_local_data(), __a)
-      { _M_construct(__s, __s ? __s + traits_type::length(__s) : __s+npos); }
+      {
+	const _CharT* __end = __s ? __s + traits_type::length(__s)
+	  // We just need a non-null pointer here to get an exception:
+	  : reinterpret_cast<const _CharT*>(__alignof__(_CharT));
+	_M_construct(__s, __end, random_access_iterator_tag());
+      }
 
       /**
        *  @brief  Construct string as multiple characters.

--8gjvNdKnYEg0NgYj--