https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103955
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-11 branch has been updated by Patrick Palka <ppa...@gcc.gnu.org>: https://gcc.gnu.org/g:0b6d4ee830b01ee70cc5dc32722d73ac3ea4e0db commit r11-9822-g0b6d4ee830b01ee70cc5dc32722d73ac3ea4e0db Author: Patrick Palka <ppa...@redhat.com> Date: Wed Jan 12 09:10:24 2022 -0500 libstdc++: Avoid overflow in bounds checks [PR103955] We currently crash when the floating-point to_chars overloads are passed a precision value near INT_MAX, ultimately due to overflow in the bounds checks that verify the output range is large enough. The simplest portable fix seems to be to replace bounds checks of the form A >= B + C (where B + C may overflow) with the otherwise equivalent check A >= B && A - B >= C, which is the approach this patch takes. Before we could do this in __floating_to_chars_hex, there we first need to track the unbounded "excess" precision (i.e. the number of trailing fractional digits in the output that are guaranteed to be '0') separately from the bounded "effective" precision (i.e. the number of significant fractional digits in the output), like we do in __f_t_c_precision. PR libstdc++/103955 libstdc++-v3/ChangeLog: * src/c++17/floating_to_chars.cc (__floating_to_chars_hex): Track the excess precision separately from the effective precision. Avoid overflow in bounds check by splitting it into two checks. (__floating_to_chars_precision): Avoid overflow in bounds checks similarly. * testsuite/20_util/to_chars/103955.cc: New test. (cherry picked from commit c0e355c77972d96fcec2ff7da047ad03e10e51d9)
