https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105857

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |redi at gcc dot gnu.org
             Status|NEW                         |ASSIGNED

--- Comment #11 from Jonathan Wakely <redi at gcc dot gnu.org> ---
I can reproduce it if I compile codecvt_members.cc with _FORTIFY_SOURCE=3.

I think Fedora is built with _FORTIFY_SOURCE=2 so doesn't check mbsnrtowcs.

I'll test this fix:

--- a/libstdc++-v3/config/locale/gnu/codecvt_members.cc
+++ b/libstdc++-v3/config/locale/gnu/codecvt_members.cc
@@ -232,10 +232,12 @@ namespace
     // in case we advance past it and then continue, in a loop.
     // NB: mbsnrtowcs is a GNU extension

+    const size_t __to_len = 1024; // Size of alloca'd output buffer
+
     // A dummy internal buffer is needed in order for mbsnrtocws to consider
     // its fourth parameter (it wouldn't with NULL as first parameter).
     wchar_t* __to = static_cast<wchar_t*>(__builtin_alloca(sizeof(wchar_t)
-                                                          * __max));
+                                                          * __to_len));
     while (__from < __end && __max)
       {
        const extern_type* __from_chunk_end;
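Review bot: at the new `const size_t __to_len = 1024;`, the alloca becomes a fixed `sizeof(wchar_t) * __to_len` bytes on every call, even when `__max` is far smaller than 1024. Consider sizing it to the smaller of `__max` and `__to_len` so short conversions do not reserve the full buffer, and extend the comment to say why 1024 was chosen. The unchanged comment just below spells the function `mbsnrtocws`; it could be corrected to `mbsnrtowcs` while this block is being touched.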
@@ -248,7 +250,8 @@ namespace
        const extern_type* __tmp_from = __from;
        size_t __conv = mbsnrtowcs(__to, &__from,
                                   __from_chunk_end - __from,
-                                  __max, &__state);
+                                  __max > __to_len ? __to_len : __max,
+                                  &__state);
        if (__conv == static_cast<size_t>(-1))
          {
            // In case of error, in order to stop at the exact place we
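Review bot: in the `mbsnrtowcs` call, the clamp `__max > __to_len ? __to_len : __max` means a single call can now stop because the `__to_len`-element buffer is full, not only because the chunk ended or `__max` was reached. The code that follows the call is not visible in this hunk, so please confirm that the enclosing `while (__from < __end && __max)` loop picks up correctly from that state, and add a test whose input converts to more than `__to_len` wide characters with `__max` larger than `__to_len`. As a style point, naming the clamped value in a local before the call would make the argument list easier to read than the inline ternary.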
