public inbox for libstdc++-cvs@sourceware.org
help / color / mirror / Atom feed
From: Jonathan Wakely <redi@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc r9-9362] libstdc++: Fix filesystem::path construction from COW string [PR 99805]
Date: Mon, 19 Apr 2021 11:31:22 +0000 (GMT) [thread overview]
Message-ID: <20210419113122.82E9B3959C82@sourceware.org> (raw)
https://gcc.gnu.org/g:056563557e5e6e00d467760744c5b8e8525a06ac
commit r9-9362-g056563557e5e6e00d467760744c5b8e8525a06ac
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Wed Apr 7 16:05:42 2021 +0100
libstdc++: Fix filesystem::path construction from COW string [PR 99805]
Calling the non-const data() member on a COW string makes it "leaked",
possibly resulting in reallocating the string to ensure a unique owner.
The path::_M_split_cmpts() member parses its _M_pathname string using
string_view objects and then calls _M_pathname.data() to find the offset
of each string_view from the start of the string. However because
_M_pathname is non-const that will cause a COW string to reallocate if
it happens to be shared with another string object. This results in the
offsets calculated for each component being wrong (i.e. undefined)
because the string views no longer refer to substrings of the
_M_pathname member. The fix is to use the parse.offset(c) member which
gets the offset safely.
The bug only happens for the path(string_type&&) constructor and only
for COW strings. When constructed from an lvalue string the string's
contents are copied rather than just incrementing the refcount, so
there's no reallocation when calling the non-const data() member. The
testsuite changes check the lvalue case anyway, because we should
probably change the deep copying to just be a refcount increment (by
adding a path(const string_type&) constructor or an overload for
__effective_range(const string_type&), for COW strings only).
libstdc++-v3/ChangeLog:
PR libstdc++/99805
* src/c++17/fs_path.cc (path::_M_split_cmpts): Do not call
non-const member on _M_pathname, to avoid copy-on-write.
* testsuite/27_io/filesystem/path/decompose/parent_path.cc:
Check construction from strings that might be shared.
(cherry picked from commit e06d3f5dd7d0c6b4a20fe813e6ee5addd097f560)
Diff:
---
libstdc++-v3/src/c++17/fs_path.cc | 10 ++++-----
.../27_io/filesystem/path/decompose/parent_path.cc | 25 +++++++++++++++++++++-
2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/libstdc++-v3/src/c++17/fs_path.cc b/libstdc++-v3/src/c++17/fs_path.cc
index b44fae03da0..ceb070436af 100644
--- a/libstdc++-v3/src/c++17/fs_path.cc
+++ b/libstdc++-v3/src/c++17/fs_path.cc
@@ -1887,10 +1887,9 @@ path::_M_split_cmpts()
_M_cmpts.type(_Type::_Multi);
_M_cmpts.reserve(_M_cmpts.size() + buf.size());
auto output = _M_cmpts._M_impl->end();
- for (auto& c : buf)
+ for (const auto& c : buf)
{
- auto pos = c.str.data() - _M_pathname.data();
- ::new(output++) _Cmpt(c.str, c.type, pos);
+ ::new(output++) _Cmpt(c.str, c.type, parser.offset(c));
++_M_cmpts._M_impl->_M_size;
}
next = buf.begin();
@@ -1910,9 +1909,8 @@ path::_M_split_cmpts()
auto output = _M_cmpts._M_impl->end();
for (int i = 0; i < n; ++i)
{
- auto c = buf[i];
- auto pos = c.str.data() - _M_pathname.data();
- ::new(output++) _Cmpt(c.str, c.type, pos);
+ const auto& c = buf[i];
+ ::new(output++) _Cmpt(c.str, c.type, parser.offset(c));
++_M_cmpts._M_impl->_M_size;
}
}
diff --git a/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc b/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
index a49419f19dc..557fb9aff0c 100644
--- a/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
+++ b/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
@@ -18,7 +18,7 @@
// with this library; see the file COPYING3. If not see
// <http://www.gnu.org/licenses/>.
-// 8.4.9 path decomposition [path.decompose]
+// C++17 30.10.8.4.9 path decomposition [fs.path.decompose]
#include <filesystem>
#include <testsuite_hooks.h>
@@ -64,9 +64,32 @@ test02()
}
}
+void
+test03()
+{
+ const std::string narrow = "there/are/no/wrong/turns/only/unexpected/paths";
+ const path::string_type s(narrow.begin(), narrow.end());
+ const auto s1 = s.substr(0, s.length() - 6); // remove "/paths"
+ const auto s2 = s1.substr(0, s1.length() - 16); // remove "/only/..."
+
+ // PR libstdc++/99805
+ path p = path::string_type(s);
+ auto pp = p.parent_path();
+ VERIFY( pp.native() == s1 );
+ pp = pp.parent_path().parent_path();
+ VERIFY( pp.native() == s2 );
+
+ path from_lval(s);
+ pp = from_lval.parent_path();
+ VERIFY( pp.native() == s1 );
+ pp = pp.parent_path().parent_path();
+ VERIFY( pp.native() == s2 );
+}
+
int
main()
{
test01();
test02();
+ test03();
}
reply other threads:[~2021-04-19 11:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210419113122.82E9B3959C82@sourceware.org \
--to=redi@gcc.gnu.org \
--cc=gcc-cvs@gcc.gnu.org \
--cc=libstdc++-cvs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).