libstdc++: Fix undefined behaviour in random dist serialization (PR93205)
authorJonathan Wakely <jwakely@redhat.com>
Thu, 9 Jan 2020 16:50:51 +0000 (16:50 +0000)
committerJonathan Wakely <redi@gcc.gnu.org>
Thu, 9 Jan 2020 16:50:51 +0000 (16:50 +0000)
commit160e95dc3d73329d2367fb405ef9f0e12bd2cc7b
treeb67caf76937c772c71eb95f3a3aac5f2452ad054
parent0a09a9483825233f16e5b26bb0ffee76752339fc
libstdc++: Fix undefined behaviour in random dist serialization (PR93205)

The deserialization functions for random number distributions fail to
check the stream state before using the extracted values. In some cases
this leads to using indeterminate values to resize a vector, and then
filling that vector with indeterminate values.

No values that affect control flow should be used without checking that a
good value was read from the stream.

Additionally, where reasonable to do so, defer modifying any state in
the distribution until all values have been successfully read, to avoid
modifying some of the distribution's parameters and leaving others
unchanged.

PR libstdc++/93205
* include/bits/random.h (operator>>): Check stream operation succeeds.
* include/bits/random.tcc (operator<<): Remove redundant __ostream_type
typedefs.
(operator>>): Remove redundant __istream_type typedefs. Check stream
operations succeed.
(__extract_params): New function to fill a vector from a stream.
* testsuite/26_numerics/random/pr60037-neg.cc: Adjust dg-error line.

From-SVN: r280061
libstdc++-v3/ChangeLog
libstdc++-v3/include/bits/random.h
libstdc++-v3/include/bits/random.tcc
libstdc++-v3/testsuite/26_numerics/random/pr60037-neg.cc