https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95851
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jonathan Wakely <r...@gcc.gnu.org>:

https://gcc.gnu.org/g:be50843754b4c4d47f0d628a84b3dbf2a4145a43

commit r11-1624-gbe50843754b4c4d47f0d628a84b3dbf2a4145a43
Author: Jonathan Wakely <jwak...@redhat.com>
Date:   Tue Jun 23 22:47:58 2020 +0100

    libstdc++: Fix std::to_chars buffer overflow (PR 95851)

    The __detail::__to_chars_2 function assumes it won't be called with zero
    values. However, when the output buffer is empty the caller doesn't
    handle zero values correctly, and calls __to_chars_2 with a zero value,
    resulting in an overflow of the empty buffer.

    The __detail::__to_chars_i function should just return immediately for
    an empty buffer, and otherwise ensure zero values are handled properly.

    libstdc++-v3/ChangeLog:

            PR libstdc++/95851
            * include/std/charconv (__to_chars_i): Check for zero-sized
            buffer unconditionally.
            * testsuite/20_util/to_chars/95851.cc: New test.
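
A regression check for the empty-buffer case this commit describes, as an added example (not the commit's 95851.cc test or any libstdc++ code). It goes beyond the reported case by probing every base from 2 to 36 and some non-zero values; `Probe`, `probe_to_chars` and `empty_buffer_is_safe` are names assumed here, and the canary padding is a constructed test fixture.

```cpp
#include <charconv>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <initializer_list>
#include <system_error>

// Outcome of one std::to_chars call on a buffer of `len` usable bytes.
struct Probe {
    bool canary_intact;      // no byte outside [first, last) was modified
    std::errc ec;            // error code reported by to_chars
    std::ptrdiff_t advanced; // res.ptr - first
};

// Hypothetical helper: surround [first, last) with canary bytes, convert, then
// verify that nothing outside the range was written. Requires len <= 64.
template <typename T>
Probe probe_to_chars(T value, int base, std::size_t len) {
    constexpr std::size_t kPad = 8;
    constexpr char kCanary = '\x7f';
    char storage[kPad + 64 + kPad];
    std::memset(storage, kCanary, sizeof storage);
    char* first = storage + kPad;
    char* last = first + len;
    const std::to_chars_result res = std::to_chars(first, last, value, base);
    bool intact = true;
    for (char* p = storage; p != storage + sizeof storage; ++p)
        if ((p < first || p >= last) && *p != kCanary) intact = false;
    return {intact, res.ec, res.ptr - first};
}

// An empty output range must be rejected with value_too_large, ptr == last,
// and no write at all, for zero (the PR 95851 case) and for non-zero values.
bool empty_buffer_is_safe() {
    for (int base = 2; base <= 36; ++base) {
        for (unsigned v : {0u, 1u, 255u}) {
            const Probe p = probe_to_chars(v, base, 0);
            if (!p.canary_intact || p.ec != std::errc::value_too_large || p.advanced != 0)
                return false;
        }
    }
    return true;
}

int main() {
    const bool ok = empty_buffer_is_safe();
    std::puts(ok ? "empty buffer: OK" : "empty buffer: FAIL");
    return ok ? 0 : 1;
}
```

Building it with `-fsanitize=address` adds a second, independent detector for any write outside the range.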