[Bug libstdc++/61735] basic_string bug when type_size is char.

redi at gcc dot gnu.org Mon, 07 Jul 2014 09:34:19 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61735


Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
#include <string>

template<typename T>
struct tiny_allocator : std::allocator<T>
{
  template<typename U> struct rebind { typedef tiny_allocator<U> other; };

  typedef unsigned char size_type;

  static size_type max_size() { return 255; }
};

int main()
{
  std::basic_string<char, std::char_traits<char>, tiny_allocator<char> > s;
  s += 'a';
}

ubsan notices the error:

/home/jwakely/gcc/4.x/include/c++/4.10.0/bits/basic_string.tcc:597:54: runtime
error: division by zero
Floating point exception (core dumped)

The fix might be as simple as changing the type of __pagesize to unsigned,
although I expect there are other overflow issues lurking for an 8-bit
size_type.

[Bug libstdc++/61735] basic_string bug when type_size is char.

Reply via email to