[Bug libstdc++/93205] std::discrete_distribution's operator>> causes OOM
cvs-commit at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Wed Feb 26 16:32:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93205
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:a29236a23c03fe08998b81a0ef1f67e7ea185ba3
commit r9-8289-ga29236a23c03fe08998b81a0ef1f67e7ea185ba3
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Wed Feb 26 16:31:19 2020 +0000
libstdc++: Fix undefined behaviour in random dist serialization (PR93205)

The deserialization functions for random number distributions fail to
check the stream state before using the extracted values. In some cases
this leads to using indeterminate values to resize a vector, and then
filling that vector with indeterminate values.

No values that affect control flow should be used without checking that a
good value was read from the stream.

Additionally, where reasonable to do so, defer modifying any state in
the distribution until all values have been successfully read, to avoid
modifying some of the distribution's parameters and leaving others
unchanged.

Backport from mainline
2020-01-09 Jonathan Wakely <jwakely@redhat.com>

PR libstdc++/93205
* include/bits/random.h (operator>>): Check stream operation succeeds.
* include/bits/random.tcc: (operator>>): Likewise.
(__extract_params): New function to fill a vector from a stream.
* testsuite/26_numerics/random/pr60037-neg.cc: Adjust dg-error line.
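
The two rules in the commit message (check the stream before using an extracted value, and commit state only after everything has been read), shown as an added example that is not part of the commit or of libstdc++. `Weights`, `read_weights` and `parse` are hypothetical names, the sample inputs are constructed, and growing the vector with `push_back` instead of sizing it from the untrusted count is a choice made for this example.

```cpp
#include <cstddef>
#include <istream>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a distribution's parameter set.
struct Weights {
    std::vector<double> probs;
};

// Unchecked pattern the commit message describes (comment only, never run):
//   std::size_t n; is >> n;          // n stays uninitialized if the stream is empty or failed
//   w.probs.resize(n);               // allocation sized by an indeterminate value
//   for (auto& p : w.probs) is >> p; // element reads are not checked either

// Checked form: every extraction is tested before its value is used, and
// `w` is modified only after the whole record has been read successfully.
std::istream& read_weights(std::istream& is, Weights& w) {
    std::size_t n = 0;
    if (!(is >> n))
        return is;                    // count not read: leave w untouched
    std::vector<double> tmp;          // grows only as values actually arrive
    for (std::size_t i = 0; i < n; ++i) {
        double v = 0.0;
        if (!(is >> v))
            return is;                // short or malformed input: leave w untouched
        tmp.push_back(v);
    }
    w.probs = std::move(tmp);         // all-or-nothing commit
    return is;
}

// Helper for constructed samples: true if the whole record parsed.
bool parse(const std::string& text, Weights& w) {
    std::istringstream in(text);
    return static_cast<bool>(read_weights(in, w));
}
```

A count far larger than the data that follows it now ends in a failed stream and an unchanged object, with memory use bounded by the values actually present in the input.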