[Bug libstdc++/93205] std::discrete_distribution's operator>> causes OOM
cvs-commit at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Wed Feb 26 16:44:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93205
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-8 branch has been updated by Jonathan Wakely
<redi@gcc.gnu.org>:
https://gcc.gnu.org/g:f80c40f93f9e8781b14f1a8301467f117fd24051
commit r8-10091-gf80c40f93f9e8781b14f1a8301467f117fd24051
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Wed Feb 26 16:09:52 2020 +0000
libstdc++: Fix undefined behaviour in random dist serialization (PR93205)
The deserialization functions for random number distributions fail to
check the stream state before using the extracted values. In some cases
this leads to using indeterminate values to resize a vector, and then
filling that vector with indeterminate values.
No values that affect control flow should be used without checking that a
good value was read from the stream.
Additionally, where reasonable to do so, defer modifying any state in
the distribution until all values have been successfully read, to avoid
modifying some of the distribution's parameters and leaving others
unchanged.
Backport from mainline
2020-01-09 Jonathan Wakely <jwakely@redhat.com>
PR libstdc++/93205
* include/bits/random.h (operator>>): Check stream operation succeeds.
* include/bits/random.tcc: (operator>>): Likewise.
(__extract_params): New function to fill a vector from a stream.
* testsuite/26_numerics/random/pr60037-neg.cc: Adjust dg-error line.
More information about the Gcc-bugs
mailing list