libstdc++: Check for size overflow in constexpr allocation [PR105957]

libstdc++-v3/ChangeLog: PR libstdc++/105957 * include/bits/allocator.h (allocator::allocate): Check for overflow in constexpr allocation. * testsuite/20_util/allocator/105975.cc: New test.
2022-06-14 14:37:25 +01:00 · 2022-06-14 14:37:25 +01:00 · 0a9af7b4ef
parent 3e16b4359e
commit 0a9af7b4ef
2 changed files with 24 additions and 1 deletions
--- a/libstdc++-v3/include/bits/allocator.h
+++ b/libstdc++-v3/include/bits/allocator.h
@ -184,7 +184,12 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
      allocate(size_t __n)
      {
 	if (std::__is_constant_evaluated())
-	  return static_cast<_Tp*>(::operator new(__n * sizeof(_Tp)));
+	  {
+	    if (__builtin_mul_overflow(__n, sizeof(_Tp), &__n))
+	      std::__throw_bad_array_new_length();
+	    return static_cast<_Tp*>(::operator new(__n));
+	  }
+
 	return __allocator_base<_Tp>::allocate(__n, 0);
      }

--- a/libstdc++-v3/testsuite/20_util/allocator/105975.cc
+++ b/libstdc++-v3/testsuite/20_util/allocator/105975.cc
@ -0,0 +1,18 @@
+// { dg-options "-std=gnu++20" }
+// { dg-do compile { target c++20 } }
+
+// PR libstdc++/105957
+
+#include <memory>
+
+consteval bool test_pr105957()
+{
+  std::allocator<long long> a;
+  auto n = std::size_t(-1) / (sizeof(long long) - 1);
+  auto p = a.allocate(n); // { dg-error "constexpr" }
+  a.deallocate(p, n);
+  return true;
+}
+static_assert( test_pr105957() );
+
+// { dg-error "throw_bad_array_new_length" "" { target *-*-* } 0 }