================ @@ -307,8 +307,11 @@ public: : __data_(__s), __size_(__len) { #if _LIBCPP_STD_VER >= 14 - _LIBCPP_ASSERT_UNCATEGORIZED(__len <= static_cast<size_type>(numeric_limits<difference_type>::max()), - "string_view::string_view(_CharT *, size_t): length does not fit in difference_type"); + // This will result in creating an invalid `string_view` object -- some calculations involving `size` would ---------------- davidben wrote:
I think this one has more serious consequences than the categorization and comment suggest. The size parameter determines the bounds of the string. Every byte from `__s[0]` up to `__s[__len - 1]` is fair game for the program to access. E.g. the bounds checks in `operator[]` assume the length is correct. It is not possible for a length over `PTRDIFF_MAX` to be the correct bounds for `__s`. No allocation can exceed that amount.

Moreover, it's not hard for a program to accidentally construct such a `string_view` by accidentally underflowing a computation and passing a negative number. That negative number will, in turn, be read as `SIZE_MAX`. See https://github.com/llvm/llvm-project/issues/61100 for context.

https://github.com/llvm/llvm-project/pull/77183
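
Review bot: the comment that replaces the removed `_LIBCPP_ASSERT_UNCATEGORIZED(__len <= ...)` check describes the effect only as "some calculations involving `size`", which understates it if `__len` is also the bound that later element access relies on, as the review reply says of `operator[]`. Suggest that the comment state that a `__len` above `numeric_limits<difference_type>::max()` cannot describe a real range starting at `__s`, and that the replacement assertion (cut off in this excerpt) keep the same condition and message as the removed one.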
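
The failure mode described in the comment above, as an added C++ example (not code from libc++ or the pull request): an unsigned subtraction that underflows yields a length above `PTRDIFF_MAX`, and a caller-side check rejects it before any `string_view` is built. The record layout, `kHeaderLen` and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <optional>
#include <string_view>

// Assumed layout for illustration: a record is an 8-byte header plus payload.
constexpr std::size_t kHeaderLen = 8;

// Same condition as the assertion removed in the hunk: the length must fit
// in difference_type (ptrdiff_t), since no allocation can be larger.
bool length_is_representable(std::size_t len) {
    return len <= static_cast<std::size_t>(
                      std::numeric_limits<std::ptrdiff_t>::max());
}

// The accidental underflow: for record_len < kHeaderLen the unsigned
// subtraction wraps around to a value just below SIZE_MAX.
std::size_t unchecked_payload_len(std::size_t record_len) {
    return record_len - kHeaderLen;
}

// Defensive form: validate before constructing the view, because every later
// bounds check on the view trusts the size it was constructed with.
std::optional<std::string_view> payload_view(const char* record,
                                             std::size_t record_len) {
    if (record == nullptr || record_len < kHeaderLen) {
        return std::nullopt;  // would underflow
    }
    const std::size_t len = record_len - kHeaderLen;
    if (!length_is_representable(len)) {
        return std::nullopt;  // cannot be the bounds of a real object
    }
    return std::string_view(record + kHeaderLen, len);
}

int main() {
    // Constructed sample input: a 4-byte record, shorter than the header.
    const std::size_t bad = unchecked_payload_len(4);
    std::printf("underflowed length: %zu, representable: %d\n", bad,
                length_is_representable(bad) ? 1 : 0);
    // Constructed sample input: 8-byte header followed by "body".
    const auto ok = payload_view("HEADER00body", 12);
    std::printf("valid payload size: %zu\n", ok ? ok->size() : 0);
    std::printf("short record rejected: %d\n",
                payload_view("abcd", 4).has_value() ? 0 : 1);
    return 0;
}
```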