https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95851
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-10 branch has been updated by Jonathan Wakely <r...@gcc.gnu.org>:

https://gcc.gnu.org/g:ff5c8fe44a98025c1e700cfc033247965e293869

commit r10-8360-gff5c8fe44a98025c1e700cfc033247965e293869
Author: Jonathan Wakely <jwak...@redhat.com>
Date:   Tue Jun 23 22:47:58 2020 +0100

    libstdc++: Fix std::to_chars buffer overflow (PR 95851)

    The __detail::__to_chars_2 function assumes it won't be called with zero
    values. However, when the output buffer is empty the caller doesn't
    handle zero values correctly, and calls __to_chars_2 with a zero value,
    resulting in an overflow of the empty buffer.

    The __detail::__to_chars_i function should just return immediately for
    an empty buffer, and otherwise ensure zero values are handled properly.

    libstdc++-v3/ChangeLog:

            PR libstdc++/95851
            * include/std/charconv (__to_chars_i): Check for zero-sized
            buffer unconditionally.
            * testsuite/20_util/to_chars/95851.cc: New test.

    (cherry picked from commit be50843754b4c4d47f0d628a84b3dbf2a4145a43)
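
The empty-buffer, zero-value case described in the commit message above, written as an added regression check (this is not code from the GCC commit or its testsuite). The names Probe, probe_to_chars and empty_buffer_is_safe, the guard size and the canary byte are assumptions made for this example; it needs C++17 for <charconv>.

```cpp
#include <charconv>
#include <cstddef>
#include <cstring>
#include <system_error>

// Outcome of one std::to_chars call made on a canary-guarded window.
struct Probe {
    bool canary_intact;   // no byte outside [first, last) was modified
    bool reported_error;  // ec == std::errc::value_too_large
    std::size_t written;  // ptr - first on success, 0 otherwise
};

// Calls std::to_chars on a `capacity`-byte window placed inside a
// canary-filled array, then checks every byte outside the window.
// A capacity of 0 gives first == last, the case named in PR 95851.
Probe probe_to_chars(int value, int base, std::size_t capacity) {
    constexpr std::size_t kGuard = 16, kMax = 64;  // assumed sizes
    constexpr char kCanary = '\x7f';               // assumed marker byte
    char storage[kGuard + kMax + kGuard];
    std::memset(storage, kCanary, sizeof storage);
    if (capacity > kMax) capacity = kMax;

    char* first = storage + kGuard;
    char* last = first + capacity;
    std::to_chars_result r = std::to_chars(first, last, value, base);

    Probe p{true, r.ec == std::errc::value_too_large, 0};
    for (char* c = storage; c != storage + sizeof storage; ++c)
        if ((c < first || c >= last) && *c != kCanary) p.canary_intact = false;
    if (r.ec == std::errc{}) p.written = static_cast<std::size_t>(r.ptr - first);
    return p;
}

// Sweeps every valid base with value 0 and an empty buffer. Returns false
// if any call touches memory outside the window or fails to report an error.
bool empty_buffer_is_safe() {
    for (int base = 2; base <= 36; ++base) {
        Probe p = probe_to_chars(0, base, 0);
        if (!p.canary_intact || !p.reported_error) return false;
    }
    return true;
}

int main() { return empty_buffer_is_safe() ? 0 : 1; }
```

The process exit status is 0 when every base passes, so the check can gate a toolchain or container image build.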