[Bug libstdc++/94906] memory corruption in std::pmr::monotonic_buffer_resource
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94906

Jonathan Wakely changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #6 from Jonathan Wakely ---
Fixed for 9.4 and 10.2

[Bug libstdc++/94906] memory corruption in std::pmr::monotonic_buffer_resource
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94906

--- Comment #5 from CVS Commits ---
The releases/gcc-9 branch has been updated by Jonathan Wakely:

https://gcc.gnu.org/g:45a6686e76bfcd48f7c72a23d0e15186f76b4bfc

commit r9-8588-g45a6686e76bfcd48f7c72a23d0e15186f76b4bfc
Author: Jonathan Wakely
Date:   Tue May 12 09:54:44 2020 +0100

    libstdc++: Fix incorrect size calculation in PMR resource (PR 94906)

    Calculating the size of a chunk being returned to the upstream allocator
    was done with a 32-bit type, so it wrapped if the chunk was 4GB or
    larger.

    I don't know how to test this without allocating 4GB, so there's no test
    in the testsuite. It has been tested manually of course.

    Backport from mainline
    2020-05-04  Jonathan Wakely

            PR libstdc++/94906
            * src/c++17/memory_resource.cc
            (monotonic_buffer_resource::_Chunk::release): Use size_t for shift
            operands.

[Bug libstdc++/94906] memory corruption in std::pmr::monotonic_buffer_resource
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94906

--- Comment #4 from CVS Commits ---
The releases/gcc-10 branch has been updated by Jonathan Wakely:

https://gcc.gnu.org/g:dc103060c18656affaecfdd57faa4e0237dadcd3

commit r10-8136-gdc103060c18656affaecfdd57faa4e0237dadcd3
Author: Jonathan Wakely
Date:   Tue May 12 09:54:44 2020 +0100

    libstdc++: Fix incorrect size calculation in PMR resource (PR 94906)

    Calculating the size of a chunk being returned to the upstream allocator
    was done with a 32-bit type, so it wrapped if the chunk was 4GB or
    larger.

    I don't know how to test this without allocating 4GB, so there's no test
    in the testsuite. It has been tested manually of course.

    Backport from mainline
    2020-05-04  Jonathan Wakely

            PR libstdc++/94906
            * src/c++17/memory_resource.cc
            (monotonic_buffer_resource::_Chunk::release): Use size_t for shift
            operands.

[Bug libstdc++/94906] memory corruption in std::pmr::monotonic_buffer_resource
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94906

Jonathan Wakely changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |9.4

--- Comment #3 from Jonathan Wakely ---
Thanks for the report and identifying the source of the bug.

Fixed on master only for now, but backports will come soon.

[Bug libstdc++/94906] memory corruption in std::pmr::monotonic_buffer_resource
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94906

--- Comment #2 from CVS Commits ---
The master branch has been updated by Jonathan Wakely:

https://gcc.gnu.org/g:bb27781b64162e1769df15e0c97e8d2145d2d10d

commit r11-53-gbb27781b64162e1769df15e0c97e8d2145d2d10d
Author: Jonathan Wakely
Date:   Mon May 4 21:13:28 2020 +0100

    libstdc++: Fix incorrect size calculation in PMR resource (PR 94906)

    Calculating the size of a chunk being returned to the upstream allocator
    was done with a 32-bit type, so it wrapped if the chunk was 4GB or
    larger.

    I don't know how to test this without allocating 4GB, so there's no test
    in the testsuite. It has been tested manually with allocation sizes and
    alignments exceeding 4GB.

            PR libstdc++/94906
            * src/c++17/memory_resource.cc
            (monotonic_buffer_resource::_Chunk::release): Use size_t for shift
            operands.
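
The size mismatch described in the commit message above, as an added example that is not part of the thread and is not libstdc++ code. All names (ChunkHeader, size_narrow, size_wide, RecordingUpstream, round_trip) are hypothetical, the chunk size is assumed to be stored as a power-of-two exponent, and the upstream stand-in records sizes instead of allocating, so no 4GB allocation is needed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>

// Hypothetical chunk header: the size is kept as a power-of-two exponent.
struct ChunkHeader { unsigned char log2_size; };

// Size computed in a 32-bit type. Shifting a 32-bit operand by 32 or more is
// undefined in C++, so the narrow result is modelled by truncating to 32 bits.
std::uint64_t size_narrow(ChunkHeader h) {
    return static_cast<std::uint32_t>(std::uint64_t{1} << h.log2_size);
}

// Size computed with a 64-bit operand (size_t on an LP64 target).
std::uint64_t size_wide(ChunkHeader h) {
    return std::uint64_t{1} << h.log2_size;
}

// Upstream stand-in: hands out fake tokens and remembers the requested size.
class RecordingUpstream {
    std::map<std::uintptr_t, std::uint64_t> live_;
    std::uintptr_t next_ = 0x1000;
public:
    std::uintptr_t allocate(std::uint64_t bytes) {
        live_[next_] = bytes;
        return next_++;
    }
    // True only if the size passed back equals the size that was handed out.
    bool deallocate(std::uintptr_t token, std::uint64_t bytes) {
        auto it = live_.find(token);
        if (it == live_.end()) return false;
        bool ok = (it->second == bytes);
        live_.erase(it);
        return ok;
    }
};

// Obtain a 2^log2_size chunk, then release it using the given size function.
bool round_trip(unsigned log2_size, std::uint64_t (*size_of)(ChunkHeader)) {
    RecordingUpstream up;
    ChunkHeader h{static_cast<unsigned char>(log2_size)};
    std::uintptr_t tok = up.allocate(std::uint64_t{1} << log2_size);
    return up.deallocate(tok, size_of(h));
}

int main() {
    const unsigned exps[] = {12, 31, 32, 33};  // constructed sample exponents
    for (unsigned n : exps)
        std::printf("2^%u narrow_ok=%d wide_ok=%d\n", n,
                    round_trip(n, size_narrow), round_trip(n, size_wide));
}
```

A size-checking upstream of this kind reports the mismatch at the release call for any chunk of 4GB or larger, which is where a real upstream allocator would be handed the wrong size.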