public inbox for libstdc++-cvs@sourceware.org
help / color / mirror / Atom feed
From: Jonathan Wakely <redi@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc r14-2105] libstdc++: Fix std::format for pointers [PR110239]
Date: Mon, 26 Jun 2023 16:43:38 +0000 (GMT)	[thread overview]
Message-ID: <20230626164338.CE96D3858298@sourceware.org> (raw)

https://gcc.gnu.org/g:3bb9f9329c378934541ae4cff9977b7487e97cf0

commit r14-2105-g3bb9f9329c378934541ae4cff9977b7487e97cf0
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Mon Jun 26 14:46:46 2023 +0100

    libstdc++: Fix std::format for pointers [PR110239]
    
    The formatter for pointers was casting to uint64_t which sign extends a
    32-bit pointer and produces a value that won't fit in the provided
    buffer. Cast to uintptr_t instead.
    
    There was also a bug in the __parse_integer helper when converting a
    wide string to a narrow string in order to use std::from_chars on it.
    The function would always try to read 32 characters, even if the format
    string was shorter than that. Fix that bug, and remove the constexpr
    implementation of __parse_integer by just using __from_chars_alnum
    instead of from_chars, because that's usable in constexpr even in
    C++20.
    
    libstdc++-v3/ChangeLog:
    
            PR libstdc++/110239
            * include/std/format (__format::__parse_integer): Fix buffer
            overflow for wide chars.
            (formatter<const void*, C>::format): Cast to uintptr_t instead
            of uint64_t.
            * testsuite/std/format/string.cc: Test too-large widths.

Diff:
---
 libstdc++-v3/include/std/format             | 33 +++++++++--------------------
 libstdc++-v3/testsuite/std/format/string.cc |  5 +++++
 2 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/libstdc++-v3/include/std/format b/libstdc++-v3/include/std/format
index 96a1e62ccc8..9d5981e4882 100644
--- a/libstdc++-v3/include/std/format
+++ b/libstdc++-v3/include/std/format
@@ -269,39 +269,26 @@ namespace __format
       if (__first == __last)
 	__builtin_unreachable();
 
-      // TODO: use this loop unconditionally?
-      // Most integers used for arg-id, width or precision will be small.
-      if (is_constant_evaluated())
-	{
-	  auto __next = __first;
-	  unsigned short __val = 0;
-	  while (__next != __last && '0' <= *__next && *__next <= '9')
-	    {
-	      __val = (__val * 10) + (*__next - '0'); // TODO check overflow?
-	      ++__next;
-	    }
-	  if (__next == __first)
-	    return {0, nullptr};
-	  return {__val, __next};
-	}
-
-      unsigned short __val = 0;
       if constexpr (is_same_v<_CharT, char>)
 	{
-	  auto [ptr, ec] = std::from_chars(__first, __last, __val);
-	  if (ec == errc{})
-	    return {__val, ptr};
-	  return {0, nullptr};
+	  const auto __start = __first;
+	  unsigned short __val = 0;
+	  // N.B. std::from_chars is not constexpr in C++20.
+	  if (__detail::__from_chars_alnum<true>(__first, __last, __val, 10)
+		&& __first != __start) [[likely]]
+	    return {__val, __first};
 	}
       else
 	{
+	  unsigned short __val = 0;
 	  constexpr int __n = 32;
 	  char __buf[__n]{};
-	  for (int __i = 0; __i < __n && __first != __last; ++__i)
+	  for (int __i = 0; __i < __n && (__first + __i) != __last; ++__i)
 	    __buf[__i] = __first[__i];
 	  auto [__v, __ptr] = __format::__parse_integer(__buf, __buf + __n);
 	  return {__v, __first + (__ptr - __buf)};
 	}
+      return {0, nullptr};
     }
 
   template<typename _CharT>
@@ -2118,7 +2105,7 @@ namespace __format
 	typename basic_format_context<_Out, _CharT>::iterator
 	format(const void* __v, basic_format_context<_Out, _CharT>& __fc) const
 	{
-	  auto __u = reinterpret_cast<__UINT64_TYPE__>(__v);
+	  auto __u = reinterpret_cast<__UINTPTR_TYPE__>(__v);
 	  char __buf[2 + sizeof(__v) * 2];
 	  auto [__ptr, __ec] = std::to_chars(__buf + 2, std::end(__buf),
 					     __u, 16);
diff --git a/libstdc++-v3/testsuite/std/format/string.cc b/libstdc++-v3/testsuite/std/format/string.cc
index e421028a873..d28135ec260 100644
--- a/libstdc++-v3/testsuite/std/format/string.cc
+++ b/libstdc++-v3/testsuite/std/format/string.cc
@@ -121,6 +121,11 @@ test_format_spec()
   // Invalid presentation types for strings.
   VERIFY( ! is_format_string_for("{:S}", "str") );
   VERIFY( ! is_format_string_for("{:d}", "str") );
+
+  // Maximum integer value supported for widths and precisions is USHRT_MAX.
+  VERIFY( is_format_string_for("{:65535}", 1) );
+  VERIFY( ! is_format_string_for("{:65536}", 1) );
+  VERIFY( ! is_format_string_for("{:9999999}", 1) );
 }
 
 int main()

                 reply	other threads:[~2023-06-26 16:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230626164338.CE96D3858298@sourceware.org \
    --to=redi@gcc.gnu.org \
    --cc=gcc-cvs@gcc.gnu.org \
    --cc=libstdc++-cvs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).