From: Jonathan Wakely Date: Tue, 14 Jun 2022 13:37:25 +0000 (+0100) Subject: libstdc++: Check for size overflow in constexpr allocation [PR105957] X-Git-Tag: releases/gcc-12.2.0~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ef2de76dae5cac14e0de77ca7205e43be03ab22;p=thirdparty%2Fgcc.git libstdc++: Check for size overflow in constexpr allocation [PR105957] libstdc++-v3/ChangeLog: PR libstdc++/105957 * include/bits/allocator.h (allocator::allocate): Check for overflow in constexpr allocation. * testsuite/20_util/allocator/105975.cc: New test. (cherry picked from commit 0a9af7b4ef1b8aa85cc8820acf54d41d1569fc10) --- diff --git a/libstdc++-v3/include/bits/allocator.h b/libstdc++-v3/include/bits/allocator.h index f77701652735..a4b80d924d64 100644 --- a/libstdc++-v3/include/bits/allocator.h +++ b/libstdc++-v3/include/bits/allocator.h @@ -179,7 +179,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION allocate(size_t __n) { if (std::__is_constant_evaluated()) - return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp))); + { + if (__builtin_mul_overflow(__n, sizeof(_Tp), &__n)) + std::__throw_bad_array_new_length(); + return static_cast<_Tp*>(::operator new(__n)); + } + return __allocator_base<_Tp>::allocate(__n, 0); } diff --git a/libstdc++-v3/testsuite/20_util/allocator/105975.cc b/libstdc++-v3/testsuite/20_util/allocator/105975.cc new file mode 100644 index 000000000000..4342aeade046 --- /dev/null +++ b/libstdc++-v3/testsuite/20_util/allocator/105975.cc @@ -0,0 +1,18 @@ +// { dg-options "-std=gnu++20" } +// { dg-do compile { target c++20 } } + +// PR libstdc++/105957 + +#include + +consteval bool test_pr105957() +{ + std::allocator a; + auto n = std::size_t(-1) / (sizeof(long long) - 1); + auto p = a.allocate(n); // { dg-error "constexpr" } + a.deallocate(p, n); + return true; +} +static_assert( test_pr105957() ); + +// { dg-error "throw_bad_array_new_length" "" { target *-*-* } 0 }