From patchwork Tue May 29 15:38:56 2012
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 161761
Message-ID: <4FC4ED90.2020905@redhat.com>
Date: Tue, 29 May 2012 17:38:56 +0200
From: Florian Weimer User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: GCC Patches Subject: _FORTIFY_SOURCE for std::vector X-IsSubscribed: yes Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org This patch evaluates _FORTIFY_SOURCE in a way similar to GNU libc. If set, std::vector::operator[] throws if the index is out of bounds. This is compliant with the standard because such usage triggers undefined behavior. _FORTIFY_SOURCE users expect some performance hit. Okay for trunk? 2012-05-29 Florian Weimer * include/bits/stl_vector.h (vector::_M_fortify_range_check): New. * (vector::operator[]): Call it. * testsuite/23_containers/vector/element_access/2.cc: New. Index: libstdc++-v3/include/bits/stl_vector.h =================================================================== --- libstdc++-v3/include/bits/stl_vector.h (revision 187951) +++ libstdc++-v3/include/bits/stl_vector.h (working copy) @@ -768,7 +768,10 @@ */ reference operator[](size_type __n) - { return *(this->_M_impl._M_start + __n); } + { + _M_fortify_range_check(__n); + return *(this->_M_impl._M_start + __n); + } /** * @brief Subscript access to the data contained in the %vector. @@ -783,7 +786,10 @@ */ const_reference operator[](size_type __n) const - { return *(this->_M_impl._M_start + __n); } + { + _M_fortify_range_check(__n); + return *(this->_M_impl._M_start + __n); + } protected: /// Safety check used only from at(). 
@@ -794,6 +800,16 @@ __throw_out_of_range(__N("vector::_M_range_check")); } + /// Range check used by operator[]. + /// No-op unless _FORTIFY_SOURCE is enabled. + void + _M_fortify_range_check(size_type __n) const + { +#if defined _FORTIFY_SOURCE && _FORTIFY_SOURCE > 0 + _M_range_check(__n); +#endif + } + public: /** * @brief Provides access to the data contained in the %vector. Index: libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc =================================================================== --- libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc (revision 0) +++ libstdc++-v3/testsuite/23_containers/vector/element_access/2.cc (revision 0) 
@@ -0,0 +1,71 @@ +// Copyright (C) 2012 Free Software Foundation, Inc. +// +// This file is part of the GNU ISO C++ Library. This library is free +// software; you can redistribute it and/or modify it under the +// terms of the GNU General Public License as published by the +// Free Software Foundation; either version 3, or (at your option) +// any later version. + +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License along +// with this library; see the file COPYING3. If not see +// . + +// 23.2.4 vector + +// { dg-add-options no_pch } + +#undef _FORTIFY_SOURCE +#define _FORTIFY_SOURCE 2 + +#include +#include +#include + +void test01() +{ + std::vector v(5); + try + { + v[5]; + VERIFY( false ); + } + catch(std::out_of_range& err) + { + VERIFY( true ); + } + catch(...) + { + VERIFY( false ); + } +} + +void test02() +{ + std::vector v(5); + const std::vector u(v); + try + { + u[5]; + VERIFY( false ); + } + catch(std::out_of_range& err) + { + VERIFY( true ); + } + catch(...) + { + VERIFY( false ); + } +} + +int main() +{ + test01(); + test02(); + return 0; +}
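
Review bot: In both operator[] hunks of stl_vector.h (@@ -768 and @@ -783) the out-of-range case is reported by throwing, since _M_fortify_range_check forwards to _M_range_check and that calls __throw_out_of_range. A caller's existing catch block, including a catch(...), can therefore swallow the failure and keep running on a vector that was just indexed out of bounds. If the goal is hardening, consider terminating instead of throwing, or at least extend the doc comment above each operator[] to say that std::out_of_range is thrown when _FORTIFY_SOURCE is set; the comment blocks are left unchanged by these hunks.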
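
Review bot: The context comment just above the @@ -794 hunk, "/// Safety check used only from at().", is no longer true once _M_fortify_range_check calls _M_range_check on behalf of operator[]; please update it in the same patch. Because the check is reused as is, a failure in operator[] is reported with the text "vector::_M_range_check", the same string at() produces, which makes the two call sites indistinguishable in a log or crash report. A separate message for the fortify path would help triage. The guard `#if defined _FORTIFY_SOURCE && _FORTIFY_SOURCE > 0` treats levels 1 and 2 identically; say so in the comment if that is intended.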
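
Review bot: The new test 2.cc only probes index 5 on a vector of size 5, with _FORTIFY_SOURCE forced to 2, so it covers the one-past-the-end case and nothing else. Add an in-range access (for example v[4]) that must not throw, an index far beyond size(), and an empty vector, and consider a companion test with the macro undefined to pin down that _M_fortify_range_check really is a no-op there. The `VERIFY( true );` statements in the out_of_range handlers assert nothing and can be dropped.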