[Bug libstdc++/93205] std::discrete_distribution's operator>> causes OOM
redi at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Jan 9 16:51:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93205
--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Author: redi
Date: Thu Jan 9 16:50:51 2020
New Revision: 280061
URL: https://gcc.gnu.org/viewcvs?rev=280061&root=gcc&view=rev
Log:
libstdc++: Fix undefined behaviour in random dist serialization (PR93205)
The deserialization functions for random number distributions fail to
check the stream state before using the extracted values. In some cases
this leads to using indeterminate values to resize a vector, and then
filling that vector with indeterminate values.
No values that affect control flow should be used without checking that a
good value was read from the stream.
Additionally, where reasonable to do so, defer modifying any state in
the distribution until all values have been successfully read, to avoid
modifying some of the distribution's parameters and leaving others
unchanged.
PR libstdc++/93205
* include/bits/random.h (operator>>): Check stream operation succeeds.
* include/bits/random.tcc (operator<<): Remove redundant __ostream_type
typedefs.
(operator>>): Remove redundant __istream_type typedefs. Check stream
operations succeed.
(__extract_params): New function to fill a vector from a stream.
* testsuite/26_numerics/random/pr60037-neg.cc: Adjust dg-error line.
Modified:
trunk/libstdc++-v3/ChangeLog
trunk/libstdc++-v3/include/bits/random.h
trunk/libstdc++-v3/include/bits/random.tcc
trunk/libstdc++-v3/testsuite/26_numerics/random/pr60037-neg.cc
More information about the Gcc-bugs
mailing list