================
@@ -307,8 +307,11 @@ public:
       : __data_(__s),
         __size_(__len) {
 #if _LIBCPP_STD_VER >= 14
-    _LIBCPP_ASSERT_UNCATEGORIZED(__len <= 
static_cast<size_type>(numeric_limits<difference_type>::max()),
-                                 "string_view::string_view(_CharT *, size_t): 
length does not fit in difference_type");
+    // This will result in creating an invalid `string_view` object -- some 
calculations involving `size` would
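Review bot: the replacement comment on the `+` line (it is cut off here) understates what the removed `_LIBCPP_ASSERT_UNCATEGORIZED` guarded. `__size_(__len)` in the constructor's initializer list stores the length that every later bounds check is measured against, so a `__len` above `numeric_limits<difference_type>::max()` does not merely make "some calculations involving `size`" misbehave; it makes every index up to `__len - 1` look in bounds, which is a bounds-integrity failure rather than an arithmetic nuisance. Suggest the comment say that the resulting `string_view` has incorrect bounds, and that whichever category the reinstated assertion uses be one that is enabled whenever the other bounds checks are.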
----------------
davidben wrote:

I think this one has more serious consequences than the categorization and 
comment suggest. The size parameter determines the bounds of the string. Every 
byte from `__s[0]` up to `__s[__len - 1]` is fair game for the program to 
access. E.g. the bounds checks in `operator[]` assume the length is correct.

It is not possible for a length over `PTRDIFF_MAX` to be the correct bounds for 
`__s`. No allocation can exceed that amount. Moreover, it's not hard for a 
program to accidentally construct such a `string_view` by accidentally 
underflowing a computation and passing a negative number. That negative number 
will, in turn, be read as `SIZE_MAX`.

See https://github.com/llvm/llvm-project/issues/61100 for context.

https://github.com/llvm/llvm-project/pull/77183
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
