From: Jonathan Wakely Date: Tue, 14 Jun 2022 13:37:25 +0000 (+0100) Subject: libstdc++: Check for size overflow in constexpr allocation [PR105957] X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0a9af7b4ef1b8aa85cc8820acf54d41d1569fc10;p=platform%2Fupstream%2Fgcc.git libstdc++: Check for size overflow in constexpr allocation [PR105957] libstdc++-v3/ChangeLog: PR libstdc++/105957 * include/bits/allocator.h (allocator::allocate): Check for overflow in constexpr allocation. * testsuite/20_util/allocator/105975.cc: New test. --- diff --git a/libstdc++-v3/include/bits/allocator.h b/libstdc++-v3/include/bits/allocator.h index ee1121b..aec0b37 100644 --- a/libstdc++-v3/include/bits/allocator.h +++ b/libstdc++-v3/include/bits/allocator.h @@ -184,7 +184,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION allocate(size_t __n) { if (std::__is_constant_evaluated()) - return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp))); + { + if (__builtin_mul_overflow(__n, sizeof(_Tp), &__n)) + std::__throw_bad_array_new_length(); + return static_cast<_Tp*>(::operator new(__n)); + } + return __allocator_base<_Tp>::allocate(__n, 0); } diff --git a/libstdc++-v3/testsuite/20_util/allocator/105975.cc b/libstdc++-v3/testsuite/20_util/allocator/105975.cc new file mode 100644 index 0000000..4342aea --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/allocator/105975.cc @@ -0,0 +1,18 @@ +// { dg-options "-std=gnu++20" } +// { dg-do compile { target c++20 } } + +// PR libstdc++/105957 + +#include + +consteval bool test_pr105957() +{ + std::allocator a; + auto n = std::size_t(-1) / (sizeof(long long) - 1); + auto p = a.allocate(n); // { dg-error "constexpr" } + a.deallocate(p, n); + return true; +} +static_assert( test_pr105957() ); + +// { dg-error "throw_bad_array_new_length" "" { target *-*-* } 0 }