https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124882
Bug ID: 124882
Summary: limit memchr count in char_traits::find
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: vries at gcc dot gnu.org
Target Milestone: ---
I encountered a Wstringop-overread related to the memchr in char_traits::find (see PR124879).
I wonder if this is a good idea:
...
diff --git a/libstdc++-v3/include/bits/char_traits.h
b/libstdc++-v3/include/bits/char_traits.h
index bd755f7368e..f9d4ffbb4d6 100644
--- a/libstdc++-v3/include/bits/char_traits.h
+++ b/libstdc++-v3/include/bits/char_traits.h
@@ -404,6 +404,11 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
#if __cplusplus >= 201703L
if (std::__is_constant_evaluated())
return __gnu_cxx::char_traits<char_type>::find(__s, __n, __a);
+#endif
+#if __PTRDIFF_MAX__ < __SIZE_MAX__
+ /* Avoid reading past maximum object size. */
+ __n = std::min<size_t> (__n, PTRDIFF_MAX);
#endif
return static_cast<const char_type*>(__builtin_memchr(__s, __a, __n));
}
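Review bot: the guard on the `#if` line tests the compiler-predefined `__PTRDIFF_MAX__`, but the clamp on the next line uses `PTRDIFF_MAX`, which is only available once <cstdint>/<stdint.h> has been included; using `__PTRDIFF_MAX__` in both places (`__n = std::min<size_t>(__n, __PTRDIFF_MAX__);`) keeps the header free of a new include dependency and of a possible undeclared-identifier error in translation units that never include <cstdint>. The comment would also read better if it said why clamping is acceptable: a count above PTRDIFF_MAX cannot describe a valid object, so the clamp only changes behaviour for calls that are already out of contract and its practical effect is to keep -Wstringop-overread from firing on the `__builtin_memchr` call.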
...