This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.
[v3] Fix out-of-bounds search in num_get::_M_extract_int
- From: Richard Sandiford <rsandifo at redhat dot com>
- To: gcc-patches at gcc dot gnu dot org
- Cc: libstdc++ at gcc dot gnu dot org
- Date: Tue, 24 Feb 2004 20:29:33 +0000
- Subject: [v3] Fix out-of-bounds search in num_get::_M_extract_int
This patch fixes a bounds error in _M_extract_int. The function uses:

    __p = __traits_type::find(__lit_zero, __len, __c)

to see whether C is a legitimate digit for the current base,
where __lit_zero == &_M_atoms_in[_S_izero]. The problem is in
the value of __len for hex constants:

    const size_t __len = __base == 16 ? _S_iend : __base;

since _S_iend is the length of the entire _M_atoms array, not the
number of characters after _S_izero.

This was causing 22_locale/num_get/get/char/4.cc to fail for -mabi=64
on mips64el-linux-gnu. One of the characters after _M_atoms happened
to be a space, so when parsing "0xbffff74c Durack", the parser would
treat " D" as part of the number. For some reason, this only started
failing in the last couple of weeks or so.

Patch tested on mips64{,el}-linux-gnu. It brings us back to zero
FAILs in libstdc++-v3. OK for 3.4 and HEAD?

Richard

	* include/bits/locale_facets.tcc (num_get::_M_extract_int): Fix bounds
	error in handling of hex constants.

Index: include/bits/locale_facets.tcc
===================================================================
RCS file: /cvs/gcc/gcc/libstdc++-v3/include/bits/locale_facets.tcc,v
retrieving revision 1.166.2.6
diff -u -p -F^\([(a-zA-Z0-9_]\|#define\) -r1.166.2.6 locale_facets.tcc
--- include/bits/locale_facets.tcc 17 Feb 2004 19:23:15 -0000 1.166.2.6
+++ include/bits/locale_facets.tcc 24 Feb 2004 20:08:02 -0000
@@ -391,7 +391,7 @@ namespace std
// At this point, base is determined. If not hex, only allow
// base digits as valid input.
- const size_t __len = __base == 16 ? _S_iend : __base;
+ const size_t __len = __base == 16 ? _S_iend - _S_izero : __base;
// Extract.
string __found_grouping;
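
Review bot: On the changed `__len` line, the hex case is now a count measured from `_S_izero` rather than an index into the atoms array, but the comment above it only covers the non-hex case ("If not hex, only allow base digits as valid input"), so the reason for the subtraction is not recorded next to the code. Suggest extending that comment to say that `__len` is the number of characters searched starting at `_S_izero`, which is why the hex case must be `_S_iend - _S_izero`. Since the message says the old value only misbehaved when the memory after the array happened to hold a space, the existing test passing is weak evidence on its own; a brief note in the comment that both branches of the conditional must stay within the array would help anyone touching the enum values later.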
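
Added example, not part of the original message and not libstdc++ code: a small model of the digit search described above, showing why an end index used as a length lets the search run past the table. The buffer layout, the index values 4 and 26, and the names kMem, kIzero, kIend, search_len and digits_accepted are assumptions made for the illustration; the four trailing bytes stand in for whatever memory follows the real array.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Constructed model. The first 26 bytes play the role of the atoms table;
// the 4 bytes after it stand in for adjacent memory, one of them a space
// as in the report. Keeping them in one array keeps every read in bounds.
static const char kMem[] = "-+xX0123456789abcdefABCDEF" "\0 \0\0";
static const std::size_t kIzero = 4;   // hypothetical stand-in for _S_izero
static const std::size_t kIend = 26;   // hypothetical stand-in for _S_iend

// Length of the digit search that starts at &kMem[kIzero].
std::size_t search_len(int base, bool fixed) {
    if (base != 16)
        return static_cast<std::size_t>(base);
    // Before the patch: an index from the start of the table used as a count.
    // After the patch: the number of characters from kIzero to the end.
    return fixed ? kIend - kIzero : kIend;
}

// Count the leading characters of s that the search accepts as digits.
std::size_t digits_accepted(const std::string& s, int base, bool fixed) {
    const char* lit_zero = &kMem[kIzero];
    const std::size_t len = search_len(base, fixed);
    std::size_t n = 0;
    while (n < s.size() &&
           std::char_traits<char>::find(lit_zero, len, s[n]) != nullptr)
        ++n;
    return n;
}

int main() {
    const std::string rest = "bffff74c Durack";   // input after the "0x" prefix
    std::printf("old length: %zu chars accepted\n",
                digits_accepted(rest, 16, false));
    std::printf("new length: %zu chars accepted\n",
                digits_accepted(rest, 16, true));
    return 0;
}
```

With the old length the search window extends four bytes past the table, so the space and the following "D" are accepted as digits; with the corrected length the scan stops at the space.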