diff options
| author | Jonathan Wakely <jwakely@redhat.com> | 2020-06-23 22:47:58 +0100 |
|---|---|---|
| committer | Giuliano Belinassi <giuliano.belinassi@usp.br> | 2020-08-17 13:14:44 -0300 |
| commit | 7bb4bae010839f057cefa85a22e2c89dde98b3d1 (patch) | |
| tree | cdff51ae8597f16f5218f7ae5e5d0340cd2e7c95 /gcc | |
| parent | b6d296d5898dd7987133ce6f46ae64e4f6d056ec (diff) | |
| download | gcc-7bb4bae010839f057cefa85a22e2c89dde98b3d1.zip gcc-7bb4bae010839f057cefa85a22e2c89dde98b3d1.tar.gz gcc-7bb4bae010839f057cefa85a22e2c89dde98b3d1.tar.bz2 | |
libstdc++: Fix std::to_chars buffer overflow (PR 95851)
The __detail::__to_chars_2 function assumes it won't be called with zero
values. However, when the output buffer is empty the caller doesn't
handle zero values correctly, and calls __to_chars_2 with a zero value,
resulting in an overflow of the empty buffer.
The __detail::__to_chars_i function should just return immediately for
an empty buffer, and otherwise ensure zero values are handled properly.
libstdc++-v3/ChangeLog:
PR libstdc++/95851
* include/std/charconv (__to_chars_i): Check for zero-sized
buffer unconditionally.
* testsuite/20_util/to_chars/95851.cc: New test.
Diffstat (limited to 'gcc')
0 files changed, 0 insertions, 0 deletions