git.ipfire.org Git - thirdparty/gcc.git/commit

author	Patrick Palka <ppalka@redhat.com>
	Wed, 12 Jan 2022 14:10:24 +0000 (09:10 -0500)
committer	Patrick Palka <ppalka@redhat.com>
	Wed, 12 Jan 2022 14:10:24 +0000 (09:10 -0500)
commit	c0e355c77972d96fcec2ff7da047ad03e10e51d9
tree	a2b95a8b6186246bc2326919577b618f11f3e5ab	tree \| snapshot
parent	03a1a86b5ee40d4e2402516cbcdf39d981e433b3	commit \| diff

libstdc++: Avoid overflow in bounds checks [PR103955]

We currently crash when the floating-point to_chars overloads are passed
a precision value near INT_MAX, ultimately due to overflow in the bounds
checks that verify the output range is large enough.

The simplest portable fix seems to be to replace bounds checks of the form
A >= B + C (where B + C may overflow) with the otherwise equivalent check
A >= B && A - B >= C, which is the approach this patch takes.

Before we could do this in __floating_to_chars_hex, there we first need
to track the unbounded "excess" precision (i.e. the number of trailing
fractional digits in the output that are guaranteed to be '0') separately
from the bounded "effective" precision (i.e. the number of significant
fractional digits in the output), like we do in __f_t_c_precision.

PR libstdc++/103955

libstdc++-v3/ChangeLog:

* src/c++17/floating_to_chars.cc (__floating_to_chars_hex):
Track the excess precision separately from the effective
precision. Avoid overflow in bounds check by splitting it into
two checks.
(__floating_to_chars_precision): Avoid overflow in bounds checks
similarly.
* testsuite/20_util/to_chars/103955.cc: New test.

libstdc++-v3/src/c++17/floating_to_chars.cc		diff \| blob \| blame \| history
libstdc++-v3/testsuite/20_util/to_chars/103955.cc	[new file with mode: 0644]	blob