https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113159

            Bug ID: 113159
           Summary: More robust std::sort for silly comparator functions
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jengelh at inai dot de
  Target Milestone: ---

Type: enhancement
Version: 13.2.1 20231130 [revision 741743c028dc00f27b9c8b1d5211c1f602f2fddd]
(SUSE Linux) x86_64

Input:

#include <algorithm>
#include <cstdlib>
#include <vector>
int main()
{
        std::vector<int> v(256);
        sort(v.begin(), v.end(), [](int a, int b) -> bool { return rand() & 1;
});
        // alternatively, { return true; }
        //
        // -D_GLIBCXX_DEBUG can diagnose obviously-broken cases like
        // {return true;}, but won't necessarily for
        // rand()&1 at all times.
}

Observed output:

<SIGSEGV>

Expected output:

Though I recognize this is undefined behavior, I would love to see the
implementation not run into an out-of-bounds access. glibc's qsort for example
stays within the array bounds even if given a buggy comparator like that.

Reply via email to