[gcc r12-5906] libstdc++: check length in string append [PR103534]

Jason Merrill jason@gcc.gnu.org
Sat Dec 11 04:58:24 GMT 2021 

https://gcc.gnu.org/g:2e8067041d1d69da02bd7578f58abc11eb35a04b

commit r12-5906-g2e8067041d1d69da02bd7578f58abc11eb35a04b
Author: Jason Merrill <jason@redhat.com>
Date:   Fri Dec 10 11:21:50 2021 -0500

    libstdc++: check length in string append [PR103534]
    
    In the testcase for 103534 we get a warning about append leading to memcpy
    of a very large number of bytes overflowing the buffer.  This turns out to
    be because we weren't calling _M_check_length for string append.  Rather
    than do that directly, let's go through the public pointer append that calls
    it.
    
            PR c++/103534
    
    libstdc++-v3/ChangeLog:
    
            * include/bits/basic_string.h (append (basic_string)): Call pointer
            append instead of _M_append directly.
    
    gcc/testsuite/ChangeLog:
    
            * g++.dg/warn/Wstringop-overflow-8.C: New test.

Diff:
---
 libstdc++-v3/include/bits/basic_string.h         |  8 ++++----
 gcc/testsuite/g++.dg/warn/Wstringop-overflow-8.C | 10 ++++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/libstdc++-v3/include/bits/basic_string.h b/libstdc++-v3/include/bits/basic_string.h
index 4007a8d2d7c..3da2f8088ac 100644
--- a/libstdc++-v3/include/bits/basic_string.h
+++ b/libstdc++-v3/include/bits/basic_string.h
@@ -1382,7 +1382,7 @@ _GLIBCXX_BEGIN_NAMESPACE_CXX11
       _GLIBCXX20_CONSTEXPR
       basic_string&
       append(const basic_string& __str)
-      { return _M_append(__str._M_data(), __str.size()); }
+      { return this->append(__str._M_data(), __str.size()); }
 
       /**
        *  @brief  Append a substring.
@@ -1400,9 +1400,9 @@ _GLIBCXX_BEGIN_NAMESPACE_CXX11
       _GLIBCXX20_CONSTEXPR
       basic_string&
       append(const basic_string& __str, size_type __pos, size_type __n = npos)
-      { return _M_append(__str._M_data()
-			 + __str._M_check(__pos, "basic_string::append"),
-			 __str._M_limit(__pos, __n)); }
+      { return this->append(__str._M_data()
+			    + __str._M_check(__pos, "basic_string::append"),
+			    __str._M_limit(__pos, __n)); }
 
       /**
        *  @brief  Append a C substring.
diff --git a/gcc/testsuite/g++.dg/warn/Wstringop-overflow-8.C b/gcc/testsuite/g++.dg/warn/Wstringop-overflow-8.C
new file mode 100644
index 00000000000..d0ef5e73f93
--- /dev/null
+++ b/gcc/testsuite/g++.dg/warn/Wstringop-overflow-8.C
@@ -0,0 +1,10 @@
+// PR c++/103534
+// { dg-additional-options "-O -Wall" }
+
+#include <string>
+
+std::string foo(std::string x)
+{
+  // This used to get a bogus -Wstringop-overflow warning.
+  return std::string("1234567890123456") + x;
+}

More information about the Libstdc++-cvs mailing list