From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <redi@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2181)
 id 55DCF385140C; Wed,  3 Aug 2022 13:46:53 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 55DCF385140C
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Jonathan Wakely <redi@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc r12-8655] libstdc++: Check for size overflow in constexpr
 allocation [PR105957]
X-Act-Checkin: gcc
X-Git-Author: Jonathan Wakely <jwakely@redhat.com>
X-Git-Refname: refs/heads/releases/gcc-12
X-Git-Oldrev: 8a57deb926cd660c2eae7ed621d61a301ae0d523
X-Git-Newrev: 2ef2de76dae5cac14e0de77ca7205e43be03ab22
Message-Id: <20220803134653.55DCF385140C@sourceware.org>
Date: Wed,  3 Aug 2022 13:46:53 +0000 (GMT)
X-BeenThere: libstdc++-cvs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libstdc++-cvs mailing list <libstdc++-cvs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/libstdc++-cvs>,
 <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/libstdc++-cvs/>
List-Help: <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/libstdc++-cvs>,
 <mailto:libstdc++-cvs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2022 13:46:53 -0000

https://gcc.gnu.org/g:2ef2de76dae5cac14e0de77ca7205e43be03ab22

commit r12-8655-g2ef2de76dae5cac14e0de77ca7205e43be03ab22
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Tue Jun 14 14:37:25 2022 +0100

    libstdc++: Check for size overflow in constexpr allocation [PR105957]
    
    libstdc++-v3/ChangeLog:
    
            PR libstdc++/105957
            * include/bits/allocator.h (allocator::allocate): Check for
            overflow in constexpr allocation.
            * testsuite/20_util/allocator/105975.cc: New test.
    
    (cherry picked from commit 0a9af7b4ef1b8aa85cc8820acf54d41d1569fc10)

Diff:
---
 libstdc++-v3/include/bits/allocator.h              |  7 ++++++-
 libstdc++-v3/testsuite/20_util/allocator/105975.cc | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/libstdc++-v3/include/bits/allocator.h b/libstdc++-v3/include/bits/allocator.h
index f7770165273..a4b80d924d6 100644
--- a/libstdc++-v3/include/bits/allocator.h
+++ b/libstdc++-v3/include/bits/allocator.h
@@ -179,7 +179,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
       allocate(size_t __n)
       {
 	if (std::__is_constant_evaluated())
-	  return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp)));
+	  {
+	    if (__builtin_mul_overflow(__n, sizeof(_Tp), &__n))
+	      std::__throw_bad_array_new_length();
+	    return static_cast<_Tp*>(::operator new(__n));
+	  }
+
 	return __allocator_base<_Tp>::allocate(__n, 0);
       }
 
diff --git a/libstdc++-v3/testsuite/20_util/allocator/105975.cc b/libstdc++-v3/testsuite/20_util/allocator/105975.cc
new file mode 100644
index 00000000000..4342aeade04
--- /dev/null
+++ b/libstdc++-v3/testsuite/20_util/allocator/105975.cc
@@ -0,0 +1,18 @@
+// { dg-options "-std=gnu++20" }
+// { dg-do compile { target c++20 } }
+
+// PR libstdc++/105957
+
+#include <memory>
+
+consteval bool test_pr105957()
+{
+  std::allocator<long long> a;
+  auto n = std::size_t(-1) / (sizeof(long long) - 1);
+  auto p = a.allocate(n); // { dg-error "constexpr" }
+  a.deallocate(p, n);
+  return true;
+}
+static_assert( test_pr105957() );
+
+// { dg-error "throw_bad_array_new_length" "" { target *-*-* } 0 }