(Ignore me, I was looking at an old version.)
> On 2016-Jun-28, at 17:56, Duncan P. N. Exon Smith via cfe-commits
> <cfe-commits@lists.llvm.org> wrote:
>
> The fix looks fairly obvious, but you haven't added a testcase. Would you
> please do so?
>
>> On 2016-May-17, at 12:20, Akira Hatanaka via cfe-commits
>> <cfe-commits@lists.llvm.org> wrote:
>>
>> ahatanak created this revision.
>> ahatanak added reviewers: mclow.lists, EricWF, howard.hinnant.
>> ahatanak added a subscriber: cfe-commits.
>>
>> The end pointer should point to one past the end of the newly allocated
>> buffer.
>>
>> Without this fix, asan reports an error when the following code is compiled
>> and executed:
>>
>> $ cat test.cpp
>>
>> ```
>> std::string stringOfLength(const size_t length) {
>> std::string s("");
>>
>> std::string characters("abcdefghijklmnopqrstuvwxyz0123456789+-*/");
>> for (size_t i = 0; i < length; ++i) {
>> s += characters[i % characters.size()];
>> }
>>
>> return s;
>> }
>>
>> int main(int, char const **argv) {
>> std::ostrstream oss;
>>
>> oss << stringOfLength(atoi(argv[1])) << std::ends;
>> std::cout << oss.str();
>> oss.freeze(false);
>>
>> return 0;
>> }```
>>
>> $ clang++ -fsanitize=address test.cpp && ./a.out 4096
>> ==18970==ERROR: AddressSanitizer: heap-buffer-overflow on address
>> 0x62100001dd00 at pc 0x00010277c45d bp 0x7fff5d4ce6e0 sp 0x7fff5d4cdea0
>> READ of size 4097 at 0x62100001dd00 thread T0
>> #0 0x10277c45c in wrap_strlen (libclang_rt.asan_osx_dynamic.dylib+0x4345c)
>> #1 0x102733954 in std::__1::char_traits<char>::length(char const*)
>> (a.out+0x100002954)
>> #2 0x10273390b in std::__1::basic_ostream<char,
>> std::__1::char_traits<char> >&
>> std::__1::operator<<<std::__1::char_traits<char>
>> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, char const*)
>> (a.out+0x10000290b)
>> #3 0x102733346 in main (a.out+0x100002346)
>> #4 0x7fff901905ac in start (libdyld.dylib+0x35ac)
>> #5 0x1 (<unknown module>)
>>
>> 0x62100001dd00 is located 0 bytes to the right of 4096-byte region
>> [0x62100001cd00,0x62100001dd00)
>> allocated by thread T0 here:
>> #0 0x10278d42b in wrap__Znam (libclang_rt.asan_osx_dynamic.dylib+0x5442b)
>> #1 0x7fff9bdc9fa1 in std::__1::strstreambuf::overflow(int)
>> (libc++.1.dylib+0x44fa1)
>> #2 0x7fff9bd901cc in std::__1::basic_streambuf<char,
>> std::__1::char_traits<char> >::xsputn(char const*, long)
>> (libc++.1.dylib+0xb1cc)
>> #3 0x10273547c in std::__1::ostreambuf_iterator<char,
>> std::__1::char_traits<char> > std::__1::__pad_and_output<char,
>> std::__1::char_traits<char> >(std::__1::ostreambuf_iterator<char,
>> std::__1::char_traits<char> >, char const*, char const*, char const*,
>> std::__1::ios_base&, char) (a.out+0x10000447c)
>> #4 0x102734312 in std::__1::basic_ostream<char,
>> std::__1::char_traits<char> >& std::__1::__put_character_sequence<char,
>> std::__1::char_traits<char> >(std::__1::basic_ostream<char,
>> std::__1::char_traits<char> >&, char const*, unsigned long)
>> (a.out+0x100003312)
>> #5 0x10273389d in std::__1::basic_ostream<char,
>> std::__1::char_traits<char> >& std::__1::operator<<<char,
>> std::__1::char_traits<char>, std::__1::allocator<char>
>> >(std::__1::basic_ostream<char, std::__1::char_traits<char> >&,
>> std::__1::basic_string<char, std::__1::char_traits<char>,
>> std::__1::allocator<char> > const&) (a.out+0x10000289d)
>> #6 0x1027332c4 in main (a.out+0x1000022c4)
>> #7 0x7fff901905ac in start (libdyld.dylib+0x35ac)
>> #8 0x1 (<unknown module>)
>>
>> http://reviews.llvm.org/D20334
>>
>> Files:
>> src/strstream.cpp
>>
>> Index: src/strstream.cpp
>> ===================================================================
>> --- src/strstream.cpp
>> +++ src/strstream.cpp
>> @@ -180,7 +180,7 @@
>> delete [] eback();
>> }
>> setg(buf, buf + ninp, buf + einp);
>> - setp(buf + einp, buf + einp + eout);
>> + setp(buf + einp, buf + new_size);
>> pbump(static_cast<int>(nout));
>> __strmode_ |= __allocated;
>> }
>>
>>
>> <D20334.57507.patch>_______________________________________________
>> cfe-commits mailing list
>> cfe-commits@lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits@lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
