libstdc++: Fix std::to_chars buffer overflow (PR 95851)
author Jonathan Wakely <jwakely@redhat.com>
Tue, 23 Jun 2020 21:47:58 +0000 (22:47 +0100)
committer Jonathan Wakely <jwakely@redhat.com>
Wed, 24 Jun 2020 11:28:13 +0000 (12:28 +0100)
commit be50843754b4c4d47f0d628a84b3dbf2a4145a43
tree 782b6375869a10c2d234def90cd3961d7eeb1f3f
parent 3fb2c2f4d0a43b96e9e4907db952e57a5cbe61ef

The __detail::__to_chars_2 function assumes it won't be called with zero
values. However, when the output buffer is empty the caller doesn't
handle zero values correctly, and calls __to_chars_2 with a zero value,
resulting in an overflow of the empty buffer.

The __detail::__to_chars_i function should just return immediately for
an empty buffer, and otherwise ensure zero values are handled properly.

libstdc++-v3/ChangeLog:

PR libstdc++/95851
* include/std/charconv (__to_chars_i): Check for zero-sized
buffer unconditionally.
* testsuite/20_util/to_chars/95851.cc: New test.
libstdc++-v3/include/std/charconv
libstdc++-v3/testsuite/20_util/to_chars/95851.cc [new file with mode: 0644]
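
A bounds check for the case the commit message describes (zero value, empty output buffer), written for this page as an added example; it is not the commit's 95851.cc test and not libstdc++ code. It goes beyond the single case by sweeping every base, several values and every buffer size up to 40 bytes. The helper names, canary byte and guard sizes are assumptions of the example.

```cpp
#include <array>
#include <charconv>
#include <cstddef>
#include <cstdio>
#include <system_error>

// Example-only parameters (assumptions, not from the commit).
constexpr std::size_t kGuard = 16, kMaxCap = 40;
constexpr char kCanary = '\x7f';

// Calls std::to_chars on a `cap`-byte window surrounded by canary bytes.
// Returns true when nothing outside [first, last) was written and the
// result is consistent: success with first < ptr <= last, or
// value_too_large with ptr == last.
bool to_chars_stays_in_bounds(unsigned value, int base, std::size_t cap)
{
    if (cap > kMaxCap) return false;
    std::array<char, kGuard + kMaxCap + kGuard> mem;
    mem.fill(kCanary);
    char* first = mem.data() + kGuard;
    char* last = first + cap;               // cap == 0 gives the empty buffer
    const std::to_chars_result r = std::to_chars(first, last, value, base);

    // Canaries only catch writes near the window; an AddressSanitizer
    // build (-fsanitize=address) also catches writes that land further away.
    for (std::size_t i = 0; i < mem.size(); ++i) {
        const bool inside = i >= kGuard && i < kGuard + cap;
        if (!inside && mem[i] != kCanary) return false;
    }
    if (r.ec == std::errc{}) return r.ptr > first && r.ptr <= last;
    return r.ec == std::errc::value_too_large && r.ptr == last;
}

// Sweeps bases 2..36, sample values (constructed), and sizes 0..kMaxCap.
int count_violations()
{
    const unsigned values[] = {0u, 1u, 2u, 255u, 65536u, ~0u};
    int bad = 0;
    for (int base = 2; base <= 36; ++base)
        for (unsigned v : values)
            for (std::size_t cap = 0; cap <= kMaxCap; ++cap)
                if (!to_chars_stays_in_bounds(v, base, cap)) ++bad;
    return bad;
}

int main()
{
    const int bad = count_violations();
    std::printf("%d violation(s)\n", bad);
    return bad != 0;
}
```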