https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71945
--- Comment #9 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Jonathan Wakely <r...@gcc.gnu.org>: https://gcc.gnu.org/g:9a2b1acda0cb2c32568b5ca82996eb0544a3a4ef commit r16-3812-g9a2b1acda0cb2c32568b5ca82996eb0544a3a4ef Author: Jonathan Wakely <jwak...@redhat.com> Date: Thu Jul 17 00:21:54 2025 +0100 libstdc++: Trap on std::shared_ptr reference count overflow [PR71945] This adds checks when incrementing the shared count and weak count and will trap if they would be be incremented past its maximum. The maximum value is the value at which incrementing it produces an invalid use_count(). So that is either the maximum positive value of _Atomic_word, or for targets where we now allow the counters to wrap around to negative values, the "maximum" value is -1, because that is the value at which one more increment overflows the usable range and resets the counter to zero. For the weak count the maximum is always -1 as we always allow that count to use nagative values, so we only tap if it wraps all the way back to zero. libstdc++-v3/ChangeLog: PR libstdc++/71945 * include/bits/shared_ptr_base.h (_Sp_counted_base::_S_chk): Trap if a reference count cannot be incremented any higher. (_Sp_counted_base::_M_add_ref_copy): Use _S_chk. (_Sp_counted_base::_M_add_weak_ref): Likewise. (_Sp_counted_base<_S_mutex>::_M_add_ref_lock_nothrow): Likewise. (_Sp_counted_base<_S_atomic>::_M_add_ref_lock_nothrow): Likewise. (_Sp_counted_base<_S_single>::_M_add_ref_copy): Use _S_chk. Reviewed-by: Tomasz KamiÅski <tkami...@redhat.com>
