[Bug libstdc++/117121] New: [15 regression] heap-buffer-overflow in ranges::{copy,move}_backward for 1-element ranges

enrico.seiler+gccbugs at outlook dot com via Gcc-bugs Sun, 13 Oct 2024 11:20:29 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117121


            Bug ID: 117121
           Summary: [15 regression] heap-buffer-overflow in
                    ranges::{copy,move}_backward for 1-element ranges
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: enrico.seiler+gccbugs at outlook dot com
  Target Milestone: ---

The following code encounters a heap-buffer-overflow (>=c++20, with asan)

```
#include <algorithm>
#include <vector>

int main()
{
    std::vector<int> vec{1};
    auto const old_size = vec.size();
    vec.resize(old_size + 1);
    std::ranges::move_backward(vec.begin(), vec.begin() + old_size, vec.end());
}
```

Compiler Explorer: https://godbolt.org/z/7fGfdb63z

This is probably related to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108846

It seems to me that the maybe `ranges::__assign_one<_IsMove>(__first,
--__result);` instead of `ranges::__assign_one<_IsMove>(__first, __result);` 
needs to be called in in
https://github.com/gcc-mirror/gcc/blob/2ef62aa1a3fb7ece56b0f7a8ba79ef7eac0991ec/libstdc%2B%2B-v3/include/bits/ranges_algobase.h#L425

[Bug libstdc++/117121] New: [15 regression] heap-buffer-overflow in ranges::{copy,move}_backward for 1-element ranges

Reply via email to