From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 68E763858C50 for ; Thu, 4 Apr 2024 16:30:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 68E763858C50 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 68E763858C50 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712248256; cv=none; b=K3lCJsuHEd0n12bsY4t2ZQPiHYgaFX7Q7BDGRcC1UUIAEtaidazU7GZVLSgU7lvzn8u0xTuRnfOXIePFbjpnEuRpcc+KtbQmjBVKhYCY0Ym1h/xfd3y1Jx8tyHdwc4VlzNoepbVxloD2ymt8wFHwJNahUd/a01B2bDjk0W4QOAA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712248256; c=relaxed/simple; bh=F+oIhIVhKN+3fLqJuFKlEr8LMDaXFLywBcFWcKoPWNY=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=C2p0Ob9xj4i/8OltaZrSvoSehCB43kdJXrLuslqPwSvkynuuRwJ+eXTgg0ePLag3dBzqtTKdk2S2qVS8ZN6vAZxpOYyxdGtK984bDFyACyY3lo/6apjB39qfM09OFQvWkuPp7OfcAohb+XPAwGE3RkIautZxm4NCXXFVrHCgYBE= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1712248245; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JKAP1AO2JdWBUjFVP8950IdJuTKzhzKAMQCyxOnbn38=; b=ECPONAA0XFwHkUjAIRtK1CQidY9S1Bvy/McwUrr5mQQx6rN27ihoXOZOVALxgAt15dny4Q PF8CQieTD8ZPDpUMTJPnL+8mNyvHxtJWw68dcn1dOzsZwNuM0j3HyQLRZgq1TkROvrcyCc Hl2AiArMAeSL7cl0go4o59bBKaMNnhM= Received: from mail-yw1-f197.google.com (mail-yw1-f197.google.com [209.85.128.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-43-WX6TA6YNPMOjLd5bSL-87Q-1; Thu, 04 Apr 2024 12:30:43 -0400 X-MC-Unique: WX6TA6YNPMOjLd5bSL-87Q-1 Received: by mail-yw1-f197.google.com with SMTP id 00721157ae682-61575fc6d1cso19566317b3.1 for ; Thu, 04 Apr 2024 09:30:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712248243; x=1712853043; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JKAP1AO2JdWBUjFVP8950IdJuTKzhzKAMQCyxOnbn38=; b=qv8pWWaqkCEjQRpNmG8SlerHBLeLLznKmhk+ZuE+dIUyE0nQ2EpmbS6n3fMNLDBu2Y L07sB2IE/zmDfJ4KwUh3bWJwPAcZTXgA2Kx2uQeMtCuZTmjnK19u31A+2SLFgGffSQh2 3fucv6q3n3EqzO92eSFxk8JFbQix3yVE+0FuWq3Ah2IUzX0n/lbzcl57OXXqewwDYEJ8 1KjpvEfHbsBN+Eny663Pr9LlCEV3xpUO4wF1SKhqsdLNHPg8C9xbRJ3TxFHu44h4TStX Vo+zuNNacsoZXP3u3hdg4++b+NnN7BigHnMS2VXh3LY/RoVmQDN4F+pSkhhMQj4W7CKU AGCA== X-Gm-Message-State: AOJu0Yz6863+VQlUFRBL5WCr+iFoLA8opsWmP+JtP099H55irGZZpOov 4aPbdyftTE+t3J2T2n8aftl9VXXJXGzoUktFewuYs0PrTfFozUyNq9wm8jV3fsm39wphbGP+OgB mmOmyBlcp3nEz203v2tqi3KS6sFaqTMktAgnjntla7dATK/QXOsfAuyQ9CrCIN+QvMDquwd6OyB u0IWF3cHwO4EUAWR1KoV7cclp0nDU= X-Received: by 2002:a25:5583:0:b0:dc6:17d2:3b89 with SMTP id j125-20020a255583000000b00dc617d23b89mr2430999ybb.61.1712248243076; Thu, 04 Apr 2024 09:30:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE6nBIE5cELW96Cd9aVbQ5Vs0VYirvcbcceg4rbimZQqD2utRrpEnZE3I9tGl7zIy5WCHavvAA6HeBgTtTPoAY= X-Received: by 2002:a25:5583:0:b0:dc6:17d2:3b89 with SMTP id j125-20020a255583000000b00dc617d23b89mr2430986ybb.61.1712248242752; Thu, 04 Apr 2024 09:30:42 -0700 (PDT) MIME-Version: 1.0 References: <20240404153158.313297-1-jwakely@redhat.com> <19633866-184F-4E13-B05B-C3473946E2B9@googlemail.com> In-Reply-To: <19633866-184F-4E13-B05B-C3473946E2B9@googlemail.com> From: Jonathan Wakely Date: Thu, 4 Apr 2024 17:30:26 +0100 Message-ID: Subject: Re: [PATCH] libstdc++: Fix infinite loop in std::istream::ignore(n, delim) [PR93672] To: Iain Sandoe Cc: "libstdc++" , GCC Patches X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Thu, 4 Apr 2024 at 16:40, Iain Sandoe wrote: > > > > > On 4 Apr 2024, at 16:29, Jonathan Wakely wrote: > > > > I would appreciate more eyes on this to confirm my conclusions about > > negative int_type values, and the proposed fix, make sense. > > > > Tested x86_64-linux. > > > > -- >8 -- > > > > A negative value for the delim value passed to std::istream::ignore can > > never match any character in the stream, because the comparison is done > > using traits_type::eq_int_type(sb->sgetc(), delim) and sgetc() never > > returns negative values (except at EOF). The optimized version of > > ignore for the std::istream specialization uses traits_type::find to > > locate the delim character in the streambuf, which _can_ match a > > negative delim on platforms where char is signed, but then we do anothe= r > > comparison using eq_int_type which fails. The code then keeps looping > > forever, with traits_type::find saying the character is present and > > eq_int_type saying it's not. > > > > A possible fix would be to check with eq_int_type after a successful > > find, to see whether we really have a match. However, that would be > > suboptimal since we know that a negative delimiter will never match > > using eq_int_type. So a better fix is to adjust the check at the top of > > the function that handles delim=3D=3Deof(), so that we treat all negati= ve > > delim values as equivalent to EOF. That way we don't bother using find > > to search for something that will never match with eq_int_type. > > Is the corollary to this that a platform with signed chars can never use = a > negative value as a delimiter - since that we always be treated as EOF? That's what the C++ standard says (and is what libc++ does). The delimiter argument to ignore is an int_type, not a char. So formally you should call it like: std::cin.ignore(n, std::istream::traits_type::to_int_type('a')); where to_int_type will cast to unsigned char and then to int, so that no char can ever produce a negative value for that argument. If you happen to know that casting 'a' to unsigned char and then to int doesn't change its value (because it's a 7-bit ASCII value), then you can be lazy and do: std::cin.ignore(n, 'a'); That works fine. But if your delimiter character is the MSB set, *and* char is signed on your platform, then you can't be lazy. The implicit conversion from char to the stream's int_type is not the same as the result of calling traits_type::to_int_type, and so these are NOT equivalent on a platform with signed char: std::cin.ignore(n, '\x80'); std::cin.ignore(n, (unsigned char)'\x80'); The former is wrong, the latter is correct. The former will never match a '\x80' in the stream, because the ignore function will cast each char extracted from the stream to (int)(unsigned char) and so never match -128. So the change to treat all negative values as EOF is just an optimization. Since they can never match, there's no point searching for them. Just skip n chars. > > - I am not sure it there=E2=80=99s an actual use-case where that matters,= but, > Iain > > > > > The version of ignore in the primary template doesn't need a change, > > because it doesn't use traits_type::find, instead characters are > > extracted one-by-one and always matched using eq_int_type. That avoids > > the inconsistency between find and eq_int_type. > > > > libstdc++-v3/ChangeLog: > > > > PR libstdc++/93672 > > * src/c++98/istream.cc (istream::ignore(streamsize, int_type)): > > Treat all negative delimiter values as eof(). > > * testsuite/27_io/basic_istream/ignore/char/93672.cc: New test. > > --- > > libstdc++-v3/src/c++98/istream.cc | 5 ++++- > > .../27_io/basic_istream/ignore/char/93672.cc | 15 +++++++++++++++ > > 2 files changed, 19 insertions(+), 1 deletion(-) > > create mode 100644 libstdc++-v3/testsuite/27_io/basic_istream/ignore/ch= ar/93672.cc > > > > diff --git a/libstdc++-v3/src/c++98/istream.cc b/libstdc++-v3/src/c++98= /istream.cc > > index 07ac739c26a..aa1069dea07 100644 > > --- a/libstdc++-v3/src/c++98/istream.cc > > +++ b/libstdc++-v3/src/c++98/istream.cc > > @@ -112,7 +112,10 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION > > basic_istream:: > > ignore(streamsize __n, int_type __delim) > > { > > - if (traits_type::eq_int_type(__delim, traits_type::eof())) > > + // sgetc() returns either (int_type)(unsigned char)c or -1 for E= OF. > > + // If __delim is negative, then eq_int_type(sgetc(), __delim) ca= n only > > + // be true for EOF, so just treat all negative values as eof(). > > + if (__delim < 0) > > return ignore(__n); > > > > _M_gcount =3D 0; > > diff --git a/libstdc++-v3/testsuite/27_io/basic_istream/ignore/char/936= 72.cc b/libstdc++-v3/testsuite/27_io/basic_istream/ignore/char/93672.cc > > new file mode 100644 > > index 00000000000..6d11f5622c8 > > --- /dev/null > > +++ b/libstdc++-v3/testsuite/27_io/basic_istream/ignore/char/93672.cc > > @@ -0,0 +1,15 @@ > > +// { dg-do run } > > + > > +#include > > +#include > > + > > +int main() > > +{ > > + std::istringstream in("x\xfdxxx\xfex"); > > + in.ignore(10, std::char_traits::to_int_type('\xfd')); > > + VERIFY( in.gcount() =3D=3D 2 ); > > + VERIFY( ! in.eof() ); > > + in.ignore(10, '\xfe'); > > + VERIFY( in.gcount() =3D=3D 5 ); > > + VERIFY( in.eof() ); > > +} > > -- > > 2.44.0 > > >