[gcc r10-10562] libstdc++: Avoid overflow in ranges::advance(i, n, bound)

Jonathan Wakely redi@gcc.gnu.org
Tue Apr 26 13:11:59 GMT 2022


https://gcc.gnu.org/g:486adf83b0ad75f330651000fd640c6b9d86a97f

commit r10-10562-g486adf83b0ad75f330651000fd640c6b9d86a97f
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Jan 26 16:08:51 2022 +0000

    libstdc++: Avoid overflow in ranges::advance(i, n, bound)
    
    When (bound - i) or n is the most negative value of its type, the
    negative of the value will overflow. Instead of abs(n) >= abs(bound - i)
    use n >= (bound - i) when positive and n <= (bound - i) when negative.
    The function has a precondition that they must have the same sign, so
    this works correctly. The precondition check can be moved into the else
    branch, and simplified.
    
    The standard requires calling ranges::advance(i, bound) even if i==bound
    is already true, which is technically observable, but that's pointless.
    We can just return n in that case. Similarly, for i!=bound but n==0 we
    are supposed to call ranges::advance(i, n), but that's pointless. An LWG
    issue to allow omitting the pointless calls is expected to be filed.
    
    libstdc++-v3/ChangeLog:
    
            * include/bits/range_access.h (ranges::advance): Avoid signed
            overflow. Do nothing if already equal to desired result.
            * testsuite/24_iterators/range_operations/advance_overflow.cc:
            New test.
    
    (cherry picked from commit f21f22d1baf7e90f3edbfc48040c76fb14103803)

Diff:
---
 libstdc++-v3/include/bits/range_access.h           | 24 +++++++-------
 .../range_operations/advance_overflow.cc           | 37 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 11 deletions(-)

diff --git a/libstdc++-v3/include/bits/range_access.h b/libstdc++-v3/include/bits/range_access.h
index bf46f366486..36bc55e6559 100644
--- a/libstdc++-v3/include/bits/range_access.h
+++ b/libstdc++-v3/include/bits/range_access.h
@@ -1011,25 +1011,27 @@ namespace ranges
 	  {
 	    const auto __diff = __bound - __it;
 
-#ifdef __cpp_lib_is_constant_evaluated
-	    if (std::is_constant_evaluated()
-		&& !(__n == 0 || __diff == 0 || (__n < 0 == __diff < 0)))
-	      throw "inconsistent directions for distance and bound";
-#endif
-	    // n and bound must not lead in opposite directions:
-	    __glibcxx_assert(__n == 0 || __diff == 0 || (__n < 0 == __diff < 0));
-	    const auto __absdiff = __diff < 0 ? -__diff : __diff;
-	    const auto __absn = __n < 0 ? -__n : __n;;
-	    if (__absn >= __absdiff)
+	    if (__diff == 0)
+	      return __n;
+	    else if (__diff > 0 ? __n >= __diff : __n <= __diff)
 	      {
 		(*this)(__it, __bound);
 		return __n - __diff;
 	      }
-	    else
+	    else if (__n != 0) [[likely]]
 	      {
+#ifdef __cpp_lib_is_constant_evaluated
+		if (std::is_constant_evaluated() && !(__n < 0 == __diff < 0))
+		  throw "inconsistent directions for distance and bound";
+#endif
+		// n and bound must not lead in opposite directions:
+		__glibcxx_assert(__n < 0 == __diff < 0);
+
 		(*this)(__it, __n);
 		return 0;
 	      }
+	    else
+	      return 0;
 	  }
 	else if (__it == __bound || __n == 0)
 	  return __n;
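Review bot: The second branch leans on an invariant that is stated only in the commit message: when `__diff > 0 ? __n >= __diff : __n <= __diff` holds, `__n` and `__diff` have the same sign with |n| >= |diff|, so `return __n - __diff;` cannot overflow and the direction precondition is already satisfied there, which is why the check could move into the third branch. A comment above that `else if`, such as `// Same sign and |n| >= |diff| here, so n - diff cannot overflow and no direction check is needed.`, would keep a future reordering from reintroducing the overflow. The trailing `else return 0;` also silently skips the ranges::advance(i, 0) call the standard currently specifies; a one-line comment like `// n == 0: nothing to do, skip the (observable but pointless) advance(i, 0) call; see the LWG issue noted in the commit message.` would explain the deviation. The enclosing operator() starts before this hunk and continues after it.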
diff --git a/libstdc++-v3/testsuite/24_iterators/range_operations/advance_overflow.cc b/libstdc++-v3/testsuite/24_iterators/range_operations/advance_overflow.cc
new file mode 100644
index 00000000000..0fadcd6e99a
--- /dev/null
+++ b/libstdc++-v3/testsuite/24_iterators/range_operations/advance_overflow.cc
@@ -0,0 +1,37 @@
+// { dg-options "-std=gnu++20" }
+// { dg-do compile { target c++20 } }
+
+// Public domain testcase from Casey Carter, send to LWG list on 2021-07-24.
+//
+// Here's a compile-only test case for which n is INT_MIN, which will overflow
+// if simply negated to get |n|: https://godbolt.org/z/M7Wz1nW58.
+
+#include <cassert>
+#include <iterator>
+#include <limits>
+
+struct I {
+    using difference_type = int;
+    using value_type = int;
+
+    int x;
+
+    constexpr int operator*() const { return x; }
+    constexpr I& operator++() { ++x; return *this; }
+    constexpr I operator++(int) { ++x; return {x - 1}; }
+    constexpr bool operator==(const I&) const = default;
+
+    constexpr int operator-(const I& that) const { return x - that.x; }
+
+    constexpr I& operator--() { --x; return *this; }
+    constexpr I operator--(int) { --x; return {x - 1}; }
+};
+static_assert(std::bidirectional_iterator<I>);
+static_assert(std::sized_sentinel_for<I, I>);
+
+constexpr bool test() {
+    using L = std::numeric_limits<int>;
+    I i{-2};
+    return std::ranges::advance(i, L::min(), I{-4}) == L::min() + 2;
+}
+static_assert(test());
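Review bot: The post-decrement in `I::operator--(int)` returns the wrong value: after `--x` the previous value is `x + 1`, but the body returns `{x - 1}`, mirroring the post-increment without adjusting the sign. This is not caught here because `std::bidirectional_iterator` only checks that `i--` is well-formed and ranges::advance does not appear to use it, but a future test that relies on `i--` would get an iterator two positions off. The line should read `constexpr I operator--(int) { --x; return {x + 1}; }`. Minor: `#include <cassert>` is unused in this compile-only test, and the header comment's "send to LWG list" presumably means "sent".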

