https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103955
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Patrick Palka <ppa...@gcc.gnu.org>: https://gcc.gnu.org/g:c0e355c77972d96fcec2ff7da047ad03e10e51d9 commit r12-6522-gc0e355c77972d96fcec2ff7da047ad03e10e51d9 Author: Patrick Palka <ppa...@redhat.com> Date: Wed Jan 12 09:10:24 2022 -0500 libstdc++: Avoid overflow in bounds checks [PR103955] We currently crash when the floating-point to_chars overloads are passed a precision value near INT_MAX, ultimately due to overflow in the bounds checks that verify the output range is large enough. The simplest portable fix seems to be to replace bounds checks of the form A >= B + C (where B + C may overflow) with the otherwise equivalent check A >= B && A - B >= C, which is the approach this patch takes. Before we could do this in __floating_to_chars_hex, there we first need to track the unbounded "excess" precision (i.e. the number of trailing fractional digits in the output that are guaranteed to be '0') separately from the bounded "effective" precision (i.e. the number of significant fractional digits in the output), like we do in __f_t_c_precision. PR libstdc++/103955 libstdc++-v3/ChangeLog: * src/c++17/floating_to_chars.cc (__floating_to_chars_hex): Track the excess precision separately from the effective precision. Avoid overflow in bounds check by splitting it into two checks. (__floating_to_chars_precision): Avoid overflow in bounds checks similarly. * testsuite/20_util/to_chars/103955.cc: New test.
