[gcc r13-5048] libstdc++: Fix misuse of alloca in std::bitset [PR108214]

[Jonathan Wakely <redi@gcc.gnu.org>]

https://gcc.gnu.org/g:553332c19a04ad0a6bbdd2aafc3499a1cb4dfa0c

commit r13-5048-g553332c19a04ad0a6bbdd2aafc3499a1cb4dfa0c
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Fri Jan 6 13:42:07 2023 +0000

    libstdc++: Fix misuse of alloca in std::bitset [PR108214]
    
    The use of alloca in a constructor is wrong, because the memory is gone
    after the constructor returns, and will be overwritten by a subsequent
    function call. This didn't show up in testing because function inlining
    alters the stack usage.
    
    libstdc++-v3/ChangeLog:
    
            PR libstdc++/108214
            * include/std/bitset (operator>>): Use alloca in the right
            scope, not in a constructor.
            * testsuite/20_util/bitset/io/input.cc: Check case from PR.

Diff:
---
 libstdc++-v3/include/std/bitset                   | 24 +++++++++++++----------
 libstdc++-v3/testsuite/20_util/bitset/io/input.cc | 21 ++++++++++++++++++++
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/libstdc++-v3/include/std/bitset b/libstdc++-v3/include/std/bitset
index 1f3f68fefce..edda0776629 100644
--- a/libstdc++-v3/include/std/bitset
+++ b/libstdc++-v3/include/std/bitset
@@ -1598,20 +1598,24 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
 
       struct _Buffer
       {
-	_Buffer()
-	: _M_base(_Nb > 256 ? new _CharT[_Nb] : (_CharT*)__builtin_alloca(_Nb))
-	{ }
+	static _GLIBCXX_CONSTEXPR bool _S_use_alloca() { return _Nb <= 256; }
+
+	explicit _Buffer(_CharT* __p) : _M_ptr(__p) { }
 
 	~_Buffer()
 	{
-	  if _GLIBCXX17_CONSTEXPR (_Nb > 256)
-	    delete[] _M_base;
+	  if _GLIBCXX17_CONSTEXPR (!_S_use_alloca())
+	    delete[] _M_ptr;
 	}
 
-	_CharT* const _M_base;
+	_CharT* const _M_ptr;
       };
-      _Buffer __buf;
-      _CharT* __ptr = __buf._M_base;
+      _CharT* __ptr;
+      if _GLIBCXX17_CONSTEXPR (_Buffer::_S_use_alloca())
+	__ptr = (_CharT*)__builtin_alloca(_Nb);
+      else
+	__ptr = new _CharT[_Nb];
+      const _Buffer __buf(__ptr);
 
       // _GLIBCXX_RESOLVE_LIB_DEFECTS
       // 303. Bitset input operator underspecified
@@ -1662,8 +1666,8 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER
 
       if _GLIBCXX17_CONSTEXPR (_Nb)
       {
-	if (size_t __len = __ptr - __buf._M_base)
-	  __x.template _M_copy_from_ptr<_CharT, _Traits>(__buf._M_base, __len,
+	if (size_t __len = __ptr - __buf._M_ptr)
+	  __x.template _M_copy_from_ptr<_CharT, _Traits>(__buf._M_ptr, __len,
 							 0, __len,
 							 __zero, __one);
 	else
diff --git a/libstdc++-v3/testsuite/20_util/bitset/io/input.cc b/libstdc++-v3/testsuite/20_util/bitset/io/input.cc
index 0f22cefbb5b..4f7e6281ac5 100644
--- a/libstdc++-v3/testsuite/20_util/bitset/io/input.cc
+++ b/libstdc++-v3/testsuite/20_util/bitset/io/input.cc
@@ -42,8 +42,29 @@ void test01()
   VERIFY( ss.rdstate() == ios_base::goodbit ); // LWG 3199
 }
 
+void
+test02()
+{
+  std::bitset<4> a(0b1100), b;
+  std::stringstream ss;
+  ss << a;
+  ss >> b; // PR libstdc++/108214
+  VERIFY( b == a );
+
+  ss.str("");
+  ss.clear();
+
+  std::bitset<4000> c, d;
+  for (int i = 0; i < 4000; i += 5)
+    c.flip(i);
+  ss << c;
+  ss >> d;
+  VERIFY( d == c );
+}
+
 int main()
 {
   test01();
+  test02();
   return 0;
 }