https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110239
--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonathan Wakely from comment #1)
> ==55393==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x0000004c9324 at pc 0x000000432970 bp 0x7ffe2c7fcf80 sp 0x7ffe2c7fcf78
> READ of size 4 at 0x0000004c9324 thread T0
> #0 0x43296f in std::pair<unsigned short, wchar_t const*>
> std::__format::__parse_integer<wchar_t>(wchar_t const*, wchar_t const*)
> /home/jwakely/gcc/14/include/c++/14.0.0/format:301
That's actually a separate bug that only affects formatting wide strings. I
have a fix for that, but the bug for 32-bit targets is simply:
@@ -2118,7 +2105,7 @@ namespace __format
typename basic_format_context<_Out, _CharT>::iterator
format(const void* __v, basic_format_context<_Out, _CharT>& __fc) const
{
- auto __u = reinterpret_cast<__UINT64_TYPE__>(__v);
+ auto __u = reinterpret_cast<__UINTPTR_TYPE__>(__v);
char __buf[2 + sizeof(__v) * 2];
auto [__ptr, __ec] = std::to_chars(__buf + 2, std::end(__buf),
__u, 16);
Casting the pointer to uint64_t sign extends it, which produces a very large
64-bit integer that doesn't fit in __buf.
