[Bug libstdc++/118160] New: Dangling reference in std::ranges::is_permutation may cause a crash

dangelog at gmail dot com via Gcc-bugs Fri, 20 Dec 2024 13:58:47 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118160


            Bug ID: 118160
           Summary: Dangling reference in std::ranges::is_permutation may
                    cause a crash
           Product: gcc
           Version: 14.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dangelog at gmail dot com
  Target Milestone: ---

The implementation of ranges::is_permutation may create a dangling reference,
which then results (sometimes) in a crash.

Testcase:

#include <algorithm>
#include <ranges>
#include <vector>

int main() {
    auto a = std::views::iota(0, 5);
    std::vector<int> b{0, 3, 4, 1, 2};
    return std::ranges::is_permutation(a, b);
}

https://gcc.godbolt.org/z/7bP9nE8fK


The culprit is this line

>           auto&& __proj_scan = std::__invoke(__proj1, *__scan);

in libstdc++-v3/include/bits/ranges_algo.h . If `*_scan` returns a temporary
(prvalue), and `_proj1` is e.g. `std::identity`, then the final `auto &&` does
not keep the temporary alive; it will instead form a dangling reference.

[Bug libstdc++/118160] New: Dangling reference in std::ranges::is_permutation may cause a crash

Reply via email to