diff options
| author | Paul Dreik <gccpatches@pauldreik.se> | 2023-08-24 11:43:43 +0100 |
|---|---|---|
| committer | Jonathan Wakely <jwakely@redhat.com> | 2023-08-24 13:44:38 +0100 |
| commit | dd4bdb9eea436bf06f175d8dbfc2190377455be4 (patch) | |
| tree | d5ef7fffbfe16fe365849a03e15940be0aa825c4 | |
| parent | d6271d600d5a181b37093c8984990806a743f16a (diff) | |
| download | gcc-dd4bdb9eea436bf06f175d8dbfc2190377455be4.zip gcc-dd4bdb9eea436bf06f175d8dbfc2190377455be4.tar.gz gcc-dd4bdb9eea436bf06f175d8dbfc2190377455be4.tar.bz2 | |
libstdc++: fix illegal pointer arithmetic in format [PR111102]
When parsing a format string, the width is parsed into an unsigned short
but the result is not checked in the case the format string is not a
char string (such as a wide string). In case the parse fails, a null
pointer is returned which is used for pointer arithmetic which is
undefined behaviour.
Signed-off-by: Paul Dreik <gccpatches@pauldreik.se>
libstdc++-v3/ChangeLog:
PR libstdc++/111102
* include/std/format (__format::__parse_integer): Check for
non-null pointer.
| -rw-r--r-- | libstdc++-v3/include/std/format | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libstdc++-v3/include/std/format b/libstdc++-v3/include/std/format index f3d9ae1..fe2caa5 100644 --- a/libstdc++-v3/include/std/format +++ b/libstdc++-v3/include/std/format @@ -285,7 +285,8 @@ namespace __format for (int __i = 0; __i < __n && (__first + __i) != __last; ++__i) __buf[__i] = __first[__i]; auto [__v, __ptr] = __format::__parse_integer(__buf, __buf + __n); - return {__v, __first + (__ptr - __buf)}; + if (__ptr) [[likely]] + return {__v, __first + (__ptr - __buf)}; } return {0, nullptr}; } |