This is the mail archive of the
libstdc++@gcc.gnu.org
mailing list for the libstdc++ project.
[Patch] Fix vector wrt __len overflows
- From: Paolo Carlini <pcarlini at suse dot de>
- To: libstdc++ <libstdc++ at gcc dot gnu dot org>
- Date: Tue, 19 Oct 2004 18:28:44 +0200
- Subject: [Patch] Fix vector wrt __len overflows
Hi,
the below is tested x86-linux. Creating an appropriate testcase not
thrashing most machines seems very difficult but the issue is rather
clear and easy to fix. If nobody objects I will commit it very soon...
Paolo.
//////////////
2004-10-19 Paolo Carlini <pcarlini@suse.de>
Dhruv Matani <dhruvbird@gmx.net>
* include/bits/vector.tcc (_M_insert_aux, _M_fill_insert,
_M_range_insert): Don't risk crashing badly when __len
overflows.
diff -urN libstdc++-v3-orig/include/bits/vector.tcc libstdc++-v3/include/bits/vector.tcc
--- libstdc++-v3-orig/include/bits/vector.tcc 2004-07-28 18:37:17.000000000 +0200
+++ libstdc++-v3/include/bits/vector.tcc 2004-10-19 17:49:12.000000000 +0200
@@ -263,6 +263,11 @@
{
const size_type __old_size = size();
const size_type __len = __old_size != 0 ? 2 * __old_size : 1;
+ // When sizeof(value_type) == 1 and __old_size > size_type(-1)/2
+ // __len overflows: if we don't notice and _M_allocate doesn't
+ // throw we crash badly later.
+ if (__len < __old_size)
+ __throw_length_error(__N("vector::_M_insert_aux"));
iterator __new_start(this->_M_allocate(__len));
iterator __new_finish(__new_start);
try
@@ -279,7 +284,7 @@
iterator(this->_M_impl._M_finish),
__new_finish,
this->get_allocator());
- }
+ }
catch(...)
{
std::_Destroy(__new_start, __new_finish, this->get_allocator());
@@ -338,6 +343,9 @@
{
const size_type __old_size = size();
const size_type __len = __old_size + std::max(__old_size, __n);
+ // See _M_insert_aux above.
+ if (__len < __old_size)
+ __throw_length_error(__N("vector::_M_fill_insert"));
iterator __new_start(this->_M_allocate(__len));
iterator __new_finish(__new_start);
try
@@ -430,6 +438,9 @@
{
const size_type __old_size = size();
const size_type __len = __old_size + std::max(__old_size, __n);
+ // See _M_insert_aux above.
+ if (__len < __old_size)
+ __throw_length_error(__N("vector::_M_range_insert"));
iterator __new_start(this->_M_allocate(__len));
iterator __new_finish(__new_start);
try