From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=tJXx=GZ=gmail.com=cassio.neri@sourceware.org>
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b])
	by sourceware.org (Postfix) with ESMTPS id 2FAD83858D1E;
	Sun, 12 Nov 2023 01:33:58 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2FAD83858D1E
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2FAD83858D1E
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::32b
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699752840; cv=none;
	b=mOKzMJW+CE+gVl1z6SBKAwKPVQg1CUPiA7v5PykUpSaWHfuxpCJZTOQH7/9ybjLp4yH7HAEPtS0b1zratO0ht2BMjedROtbOmnBs+nTAu0Kv1sBucHXDJKWyiLQFPwCmq6JANksCdKXnHh9AXTeiEG6njDXN4HlvjB7zHs1WpSQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1699752840; c=relaxed/simple;
	bh=tYkiNCLOSI3CLra6E5knbHDXqm6CL18yUk3Uuas6Qqw=;
	h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=MuMPDu9nzcbgwnWlzDCtSGxfq4u9S2Ai3Ox/vxTGZOHZjwKa8blzVuZ74JjMHYmCo9lXB0pQ46HvMnhsb/lTW1/li93Hg/zRsXyOmc5bqxJftIRKXdhvxx8O1CEaG20agOZ5iCkWGy5hKO1BuWKtgSW7F/DxxKyqpWtdU3zsRGI=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-40806e4106dso18958335e9.1;
        Sat, 11 Nov 2023 17:33:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1699752836; x=1700357636; darn=gcc.gnu.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=ddpxPjTYqMpFZvEYdfy6YQUya76v1wU9i4VkCYV2WEo=;
        b=OHCo/Y2bzJwGarqvXAbj+hWmWWnnrlP+3BN3tkiRI18ytNLyAF/TTXT6RSBx7ZKONp
         ogerO43qZJIeltIdpx1LDweUg2EVXXL55EMpeCOydNWpmBUgU/1/xTByN4PcrmcaSu9q
         SH8spqjNexYjOJA3iBnjYsBUOhkuhVHiI4c9uPrWonFpqxjyQzSQhA/FqIcHNsgHdu6u
         BtZXftzbRyRqrMnQ5KCrcWDyxh/sHo+dMZdCVsdBE644fFKx+89tywzyoRYgSJLFBNM1
         LlzT02sty7gC2jtX+XuGbwkkTUX2PPnS28gX+G20JQ0qRAE+3R22D5PN3wExhzaCtF9Q
         kkvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1699752836; x=1700357636;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ddpxPjTYqMpFZvEYdfy6YQUya76v1wU9i4VkCYV2WEo=;
        b=VbscbuqeIBUhzVjePy/PDdPIr7jyS9b67PGmnNT0ljZpkGbCscr+fA1AROy3Ty0w4K
         2DlHJaefL6LiICSCG6Qm+UZQzUJPOhv/3PnoDy05IxqFSB1Ejgs28bSCa9K9cw4q0Zae
         SKcNj2S9jgXaHvW9ywlCZPhIpfxISoysumKE0DWXIRfWVaVKumuGJtA2qDgjURsDi+LP
         Rnlk0aPtzqQ6t/o7QbFKk2qkMFyLRFsEZ04h5RX3o1gs7mvK33oH47qGxxqmAIkRXqJN
         c+iYl0W6HHpLiEZDzoORBOqD1m07NXUWe49TwpTO1NRkSX5MdCizZJjInTXznJeln8ET
         ImLg==
X-Gm-Message-State: AOJu0Ywd/vzy+W42AR2+Ayayk/fceacU9C9vgKIvRic7EGJ+rpsiwZLI
	+q0q/SFWMkaQJqxSEKK5+lqzyMWMeQI=
X-Google-Smtp-Source: AGHT+IFyHrOjrKnsIDZlSVRoR7bSHCLHf0TBl3sQIlXXPlI9Ua/vnDERbjL3i7JzG3bOR7nIvfZeRw==
X-Received: by 2002:a05:600c:3c8b:b0:409:6e0e:e95a with SMTP id bg11-20020a05600c3c8b00b004096e0ee95amr2487002wmb.19.1699752836038;
        Sat, 11 Nov 2023 17:33:56 -0800 (PST)
Received: from othello.cust.communityfibre.co.uk ([2a02:6b64:8086:0:f9dd:28dd:c9b9:d8f4])
        by smtp.gmail.com with ESMTPSA id p37-20020a05600c1da500b004064ac107cfsm3615664wms.39.2023.11.11.17.33.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 11 Nov 2023 17:33:55 -0800 (PST)
From: Cassio Neri <cassio.neri@gmail.com>
To: libstdc++@gcc.gnu.org,
	gcc-patches@gcc.gnu.org
Cc: Cassio Neri <cassio.neri@gmail.com>
Subject: [PATCH] Fix UB in weekday::weekday(sys_days) and add test.
Date: Sun, 12 Nov 2023 01:33:52 +0000
Message-ID: <20231112013352.19885-1-cassio.neri@gmail.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

The following has undefined behaviour (signed overflow) [1]:
    weekday max{sys_days{days{numeric_limits<days::rep>::max()}}};

The issue is in this line when __n is very large and __n + 4 overflows:
    return weekday(__n >= -4 ? (__n + 4) % 7 : (__n + 5) % 7 + 6);

In addition to fixing this bug, the new implementation makes the compiler emit
shorter and branchless code for x86-64 and ARM [2].

[1] https://godbolt.org/z/1s5bv7KfT
[2] https://godbolt.org/z/zKsabzrhs

libstdc++-v3/ChangeLog:

	* include/std/chrono: Fix weekday::_S_from_days
	* testsuite/std/time/weekday/1.cc: Add test for overflow.
---

Good for trunk?

 libstdc++-v3/include/std/chrono              | 11 +++++++++--
 libstdc++-v3/testsuite/std/time/weekday/1.cc |  9 +++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/libstdc++-v3/include/std/chrono b/libstdc++-v3/include/std/chrono
index 10e868e5a03..c00dd133173 100644
--- a/libstdc++-v3/include/std/chrono
+++ b/libstdc++-v3/include/std/chrono
@@ -930,8 +930,15 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       static constexpr weekday
       _S_from_days(const days& __d)
       {
-	auto __n = __d.count();
-	return weekday(__n >= -4 ? (__n + 4) % 7 : (__n + 5) % 7 + 6);
+	using _Rep = days::rep;
+	using _URep = make_unsigned_t<_Rep>;
+	const auto __n = __d.count();
+	const auto __m = static_cast<_URep>(__n);
+
+	// 1970-01-01 (__n =  0, __m = 0        ) -> Thursday (4)
+	// 1969-31-12 (__n = -1, __m = _URep(-1)) -> Wednesday (3)
+	const auto __offset = __n >= 0 ? _URep(4) : 3 - _URep(-1) % 7 - 7;
+	return weekday((__m + __offset) % 7);
       }

     public:
diff --git a/libstdc++-v3/testsuite/std/time/weekday/1.cc b/libstdc++-v3/testsuite/std/time/weekday/1.cc
index 00278c8b01c..e89fca47d4b 100644
--- a/libstdc++-v3/testsuite/std/time/weekday/1.cc
+++ b/libstdc++-v3/testsuite/std/time/weekday/1.cc
@@ -20,6 +20,7 @@
 // Class template day [time.cal.weekday]

 #include <chrono>
+#include <limits>

 constexpr void
 constexpr_weekday()
@@ -37,6 +38,14 @@ constexpr_weekday()
   static_assert(weekday{3}[2].weekday() == weekday{3});
   static_assert(weekday{3}[last].weekday() == weekday{3});

+  // Test for UB (overflow).
+  {
+    using rep = days::rep;
+    using std::numeric_limits;
+    constexpr weekday max{sys_days{days{numeric_limits<rep>::max()}}};
+    constexpr weekday min{sys_days{days{numeric_limits<rep>::min()}}};
+  }
+
   static_assert(weekday{sys_days{1900y/January/1}} == Monday);
   static_assert(weekday{sys_days{1970y/January/1}} == Thursday);
   static_assert(weekday{sys_days{2020y/August/21}} == Friday);
--
2.41.0