libstdc++: Fix misuse of alloca in std::bitset [PR108214]

The use of alloca in a constructor is wrong, because the memory is gone after the constructor returns, and will be overwritten by a subsequent function call. This didn't show up in testing because function inlining alters the stack usage. libstdc++-v3/ChangeLog: PR libstdc++/108214 * include/std/bitset (operator>>): Use alloca in the right scope, not in a constructor. * testsuite/20_util/bitset/io/input.cc: Check case from PR.
2023-01-06 13:42:07 +00:00 · 2023-01-06 13:42:07 +00:00 · 553332c19a
commit 553332c19a
parent 8c330fd494
2 changed files with 35 additions and 10 deletions
--- a/libstdc++-v3/include/std/bitset
+++ b/libstdc++-v3/include/std/bitset
@ -1598,20 +1598,24 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER

      struct _Buffer
      {
-	_Buffer()
-	: _M_base(_Nb > 256 ? new _CharT[_Nb] : (_CharT*)__builtin_alloca(_Nb))
-	{ }
+	static _GLIBCXX_CONSTEXPR bool _S_use_alloca() { return _Nb <= 256; }
+
+	explicit _Buffer(_CharT* __p) : _M_ptr(__p) { }

 	~_Buffer()
 	{
-	  if _GLIBCXX17_CONSTEXPR (_Nb > 256)
-	    delete[] _M_base;
+	  if _GLIBCXX17_CONSTEXPR (!_S_use_alloca())
+	    delete[] _M_ptr;
 	}

-	_CharT* const _M_base;
+	_CharT* const _M_ptr;
      };
-      _Buffer __buf;
-      _CharT* __ptr = __buf._M_base;
+      _CharT* __ptr;
+      if _GLIBCXX17_CONSTEXPR (_Buffer::_S_use_alloca())
+	__ptr = (_CharT*)__builtin_alloca(_Nb);
+      else
+	__ptr = new _CharT[_Nb];
+      const _Buffer __buf(__ptr);

      // _GLIBCXX_RESOLVE_LIB_DEFECTS
      // 303. Bitset input operator underspecified
@ -1662,8 +1666,8 @@ _GLIBCXX_BEGIN_NAMESPACE_CONTAINER

      if _GLIBCXX17_CONSTEXPR (_Nb)
      {
-	if (size_t __len = __ptr - __buf._M_base)
-	  __x.template _M_copy_from_ptr<_CharT, _Traits>(__buf._M_base, __len,
+	if (size_t __len = __ptr - __buf._M_ptr)
+	  __x.template _M_copy_from_ptr<_CharT, _Traits>(__buf._M_ptr, __len,
 							 0, __len,
 							 __zero, __one);
 	else
--- a/libstdc++-v3/testsuite/20_util/bitset/io/input.cc
+++ b/libstdc++-v3/testsuite/20_util/bitset/io/input.cc
@ -42,8 +42,29 @@ void test01()
  VERIFY( ss.rdstate() == ios_base::goodbit ); // LWG 3199
 }

+void
+test02()
+{
+  std::bitset<4> a(0b1100), b;
+  std::stringstream ss;
+  ss << a;
+  ss >> b; // PR libstdc++/108214
+  VERIFY( b == a );
+
+  ss.str("");
+  ss.clear();
+
+  std::bitset<4000> c, d;
+  for (int i = 0; i < 4000; i += 5)
+    c.flip(i);
+  ss << c;
+  ss >> d;
+  VERIFY( d == c );
+}
+
 int main()
 {
  test01();
+  test02();
  return 0;
 }