Thanks to visit codestin.com
Credit goes to github.com

Skip to content

<format>: Detect some invalid contiguous ranges in range_formatter #5187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
StephanTLavavej merged 5 commits into from
Jan 14, 2025
Merged

<format>: Detect some invalid contiguous ranges in range_formatter #5187

StephanTLavavej merged 5 commits into from
Jan 14, 2025

Conversation

@frederick-vs-ja
Copy link
Contributor

@frederick-vs-ja frederick-vs-ja commented Dec 12, 2024
edited by CaseyCarter
Loading

The following code snippet detects some "impossible" huge range.

STL/stl/inc/format

Lines 3283 to 3290 in 89ca073

template <class _CharT, _RANGES input_range _Range, class _FormatContext>
void _Range_formatter_format_as_string(_Range&& _Rng, _FormatContext& _Ctx, const bool _Debug) {
if constexpr (_RANGES contiguous_range<_Range>) {
const auto _Size = _STD _To_unsigned_like(_RANGES distance(_Rng));
if (!_STD in_range<size_t>(_Size)) [[unlikely]] {
_Throw_format_error("Formatted range is too long.");
}

The semantic requirements of contiguous_iterator depend on pointer arithmetic, so when the underlying contiguous_range has more than 1 elements, the range must denote a contiguous element sequence of some array to be valid (otherwise, reaching from the beginning to the end causes UB). Moreover, the C++ object model doesn't permit an array object to have more than SIZE_MAX element. So we can infer that when the size of the contiguous range is too large to fit into size_t, the range must be invalid, and thus formatting it results in UB (per [iterator.requirements.general]/10, although the paragraph seemingly accidently makes infinite range invalid).

Fixes #5182.

@frederick-vs-ja frederick-vs-ja requested a review from a team as a code owner December 12, 2024 05:14
@StephanTLavavej StephanTLavavej added enhancement Something can be improved ranges C++20/23 ranges format C++20/23 format labels Dec 12, 2024
@StephanTLavavej StephanTLavavej self-assigned this Dec 12, 2024
CaseyCarter
CaseyCarter suggested changes Dec 12, 2024
View reviewed changes
@CaseyCarter CaseyCarter added bug Something isn't working and removed enhancement Something can be improved labels Dec 13, 2024
@StephanTLavavej
Copy link
Member

StephanTLavavej commented Dec 13, 2024

I haven't thought about this too deeply, but I'd recommend any pathological checks be controlled by _DEBUG or IDL=2, not CDL.

@CaseyCarter CaseyCarter mentioned this pull request Dec 17, 2024
Open
@StephanTLavavej
Copy link
Member

StephanTLavavej commented Jan 13, 2025

I'm mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed.

@StephanTLavavej StephanTLavavej merged commit 3c31602 into microsoft:main Jan 14, 2025
39 checks passed
@StephanTLavavej
Copy link
Member

StephanTLavavej commented Jan 14, 2025

Thanks for fixing this obscure bug! 🛠️ 🐞 🪄

@frederick-vs-ja frederick-vs-ja deleted the contiguously-small branch January 14, 2025 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StephanTLavavej StephanTLavavej StephanTLavavej approved these changes

+1 more reviewer

@CaseyCarter CaseyCarter CaseyCarter approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@StephanTLavavej StephanTLavavej

Labels

bug Something isn't working format C++20/23 format ranges C++20/23 ranges

Projects

STL Code Reviews
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

<format>: in_range apply on non-integrals triggers a static_assert

3 participants

@frederick-vs-ja @StephanTLavavej @CaseyCarter