From patchwork Thu Nov 2 19:56:53 2023
X-Patchwork-Submitter: Ben Sherman
X-Patchwork-Id: 161110
From: Ben Sherman
CC: Ben Sherman
Subject: [PATCH] libstdc++: avoid uninitialized read in basic_string constructor
Date: Thu, 2 Nov 2023 14:56:53 -0500
Message-ID: <20231102195652.9965-1-ben.sherman@chicagotrading.com>
List-Id: Gcc-patches mailing list

Tested on x86_64-pc-linux-gnu, please let me know if there's anything else
needed. I haven't contributed before and don't have write access, so apologies
if I've missed anything.

-- >8 --

The basic_string input iterator constructor incrementally reads data and
allocates the internal buffer as-needed. When _M_dispose() is called, there is
a check for whether the local buffer is being used - if it is, there is an
additional check guarding __builtin_unreachable() for the value of
_M_string_length. The constructor does not initialize _M_string_length until
all data has been read, so the first re-allocation out of the local buffer
will have an uninitialized read.

This updates the basic_string input iterator constructor to properly set
_M_string_length as data is being read. It additionally introduces a new
_M_assign_terminator() function to assign the null-terminator based on the
currently-stored _M_string_length.

libstdc++-v3/ChangeLog:

	* include/bits/basic_string.h (_M_assign_terminator()): New function.
	(_M_set_length()): Use _M_assign_terminator().
	* include/bits/basic_string.tcc (_M_construct(InIter, InIter,
	input_iterator_tag)): Set length incrementally, use
	_M_assign_terminator().
--- 2.21.0 This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. diff --git a/libstdc++-v3/include/bits/basic_string.h b/libstdc++-v3/include/bits/basic_string.h index 0fa32afeb..ba02d8f0f 100644 --- a/libstdc++-v3/include/bits/basic_string.h +++ b/libstdc++-v3/include/bits/basic_string.h @@ -258,12 +258,17 @@ _GLIBCXX_BEGIN_NAMESPACE_CXX11 _M_capacity(size_type __capacity) { _M_allocated_capacity = __capacity; } + _GLIBCXX20_CONSTEXPR + void + _M_assign_terminator() + { traits_type::assign(_M_data()[_M_string_length], _CharT()); } + _GLIBCXX20_CONSTEXPR void _M_set_length(size_type __n) { _M_length(__n); - traits_type::assign(_M_data()[__n], _CharT()); + _M_assign_terminator(); } _GLIBCXX20_CONSTEXPR diff --git a/libstdc++-v3/include/bits/basic_string.tcc b/libstdc++-v3/include/bits/basic_string.tcc index f0a44e5e8..84366a44a 100644 --- a/libstdc++-v3/include/bits/basic_string.tcc +++ b/libstdc++-v3/include/bits/basic_string.tcc @@ -182,6 +182,8 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION ++__beg; } + _M_length(__len); + struct _Guard { _GLIBCXX20_CONSTEXPR @@ -206,12 +208,13 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION _M_capacity(__capacity); } traits_type::assign(_M_data()[__len++], *__beg); + _M_length(__len); ++__beg; } __guard._M_guarded = 0; - _M_set_length(__len); + _M_assign_terminator(); } template
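Review bot: the new `_M_assign_terminator()` in basic_string.h (hunk at -258) has no comment stating its precondition, namely that `_M_string_length` is already set and within the current capacity. It indexes `_M_data()[_M_string_length]` unconditionally, so a caller that reaches it before `_M_length()` has run writes the terminator at an indeterminate offset, which is the same class of problem this patch is fixing. A one-line comment above the function stating that `_M_string_length` must be set first would document the ordering that `_M_set_length()` and `_M_construct()` now rely on.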
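Review bot: the `_M_length(__len);` added before `struct _Guard` in basic_string.tcc (hunk at -182) is the store that covers the read described in the commit message, yet neither the diff nor the ChangeLog entry adds a testsuite file. A test that constructs a string from an input-iterator range long enough to force the first reallocation out of the local buffer would pin the behaviour down and keep a later refactor of `_M_construct()` from reintroducing the uninitialized read.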
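Review bot: in the second loop of basic_string.tcc (hunk at -206), `_M_length(__len);` is now executed after every `traits_type::assign(_M_data()[__len++], *__beg);`, but the commit message places the uninitialized read only at the first reallocation out of the local buffer, which the store added before `struct _Guard` already covers. If the per-character update is needed for another reason, such as what the guard sees when it is still armed, a short comment should say so; otherwise consider dropping it from the loop and keeping a single `_M_length(__len)` next to the final `_M_assign_terminator()`. Note also that between these stores and that final call the length is set without a terminator at that index, so nothing on the guarded path should treat the buffer as terminated.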