From 61363445d46d72e2a6c8a821f4146c985404840d Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sun, 19 Mar 2023 18:41:04 +0100
Subject: [PATCH] [libc++] Assert that lengths fit in difference_type

This can help flag accidentally passing in negative values into the  `string_view` constructor. This aligns with a similar check in `absl::string_view`.

Fixes https://github.com/llvm/llvm-project/issues/61100

Reviewed By: #libc, Mordante

Differential Revision: https://reviews.llvm.org/D145981
---
 libcxx/include/string_view                         |  1 +
 .../string.view/assert.ctor.length.pass.cpp        | 27 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 libcxx/test/libcxx/strings/string.view/assert.ctor.length.pass.cpp

diff --git a/libcxx/include/string_view b/libcxx/include/string_view
index b61ca9e..3f5e1c4 100644
--- a/libcxx/include/string_view
+++ b/libcxx/include/string_view
@@ -306,6 +306,7 @@ public:
         : __data_(__s), __size_(__len)
     {
 #if _LIBCPP_STD_VER >= 14
+    _LIBCPP_ASSERT(__len <= static_cast<size_type>(numeric_limits<difference_type>::max()), "string_view::string_view(_CharT *, size_t): length does not fit in difference_type");
     _LIBCPP_ASSERT(__len == 0 || __s != nullptr, "string_view::string_view(_CharT *, size_t): received nullptr");
 #endif
     }
diff --git a/libcxx/test/libcxx/strings/string.view/assert.ctor.length.pass.cpp b/libcxx/test/libcxx/strings/string.view/assert.ctor.length.pass.cpp
new file mode 100644
index 0000000..d6f0449
--- /dev/null
+++ b/libcxx/test/libcxx/strings/string.view/assert.ctor.length.pass.cpp
@@ -0,0 +1,27 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+// REQUIRES: has-unix-headers
+
+// UNSUPPORTED: c++03, c++11
+// XFAIL: use_system_cxx_lib && target={{.+}}-apple-macosx{{10.9|10.10|10.11|10.12|10.13|10.14|10.15|11.0|12.0}}
+// ADDITIONAL_COMPILE_FLAGS: -D_LIBCPP_ENABLE_ASSERTIONS=1
+
+// Construct a string_view from an invalid length
+// constexpr basic_string_view( const _CharT* s, size_type len )
+
+#include <string_view>
+
+#include "check_assertion.h"
+
+int main(int, char**) {
+  char c = 0;
+  TEST_LIBCPP_ASSERT_FAILURE(
+      std::string_view(&c, -1), "string_view::string_view(_CharT *, size_t): length does not fit in difference_type");
+  return 0;
+}
-- 
2.7.4