KEMBAR78
Fix UB in `vector<bool>` by adding missing special case by AlexGuteniev · Pull Request #5726 · microsoft/STL · GitHub
Skip to content

Fix UB in vector<bool> by adding missing special case #5726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 22, 2025
Merged

Fix UB in vector<bool> by adding missing special case #5726

merged 1 commit into from
Sep 22, 2025

Conversation

@AlexGuteniev
Copy link
Contributor

Fixes #5720.

_IsSingleBlockDest has special case when that single block touches edge, and _DestEnd is greater that _Dest, and _DestEnd._Myoff == 0. This is handled elsewhere:

STL/stl/inc/vector

Line 3834 in 43e96b2

const bool _IsSingleBlockDest = _VbDest == _DestEnd._Myptr - (_DestEnd._Myoff == 0 ? 1 : 0);

STL/stl/inc/vector

Line 3843 in 43e96b2

const auto _DestMask = _FirstDestMask | (_DestEnd._Myoff == 0 ? 0 : _LastDestMask);

STL/stl/inc/vector

Line 3860 in 43e96b2

const auto _DestMask = _FirstDestMask | (_DestEnd._Myoff == 0 ? 0 : _LastDestMask);

Now we need to add missing handling in the UB causing line. If _DestEnd._Myoff == 0, we have the only case when the subtraction result is negative. We actually need to subtract from full 32 bits in this case.

The UB didn't cause runtime behavior difference, as the shift instruction just ignores high bits.

@AlexGuteniev AlexGuteniev requested a review from a team as a code owner September 16, 2025 19:21
@github-project-automation github-project-automation bot moved this to Initial Review in STL Code Reviews Sep 16, 2025
@AlexGuteniev AlexGuteniev changed the title Fix UB in vector<bool> by adding missing special case Fix UB in vector<bool> by adding missing special case Sep 16, 2025
@frederick-vs-ja
Copy link
Contributor

Looks like that the affect statements can be executed in constant execution. Can we add a constexpr-friendly test case?

@AlexGuteniev
Copy link
Contributor Author

Looks like that the affect statements can be executed in constant execution. Can we add a constexpr-friendly test case?

Adding constexpr coverage sounds like a good idea.

But I'm against a test case for this specific branch. Think that we should be systematic, and make the entire coverage constexpr, except huge and random.

And this larger change looks like out of scope, I want to fix specific bug, for which there is already expected ubsan coverage.

AlexGuteniev
AlexGuteniev commented Sep 17, 2025
View reviewed changes
@StephanTLavavej StephanTLavavej added the bug Something isn't working label Sep 17, 2025
@StephanTLavavej StephanTLavavej self-assigned this Sep 17, 2025
@StephanTLavavej
Copy link
Member

Thanks for the quick fix and clear explanation! 😻

@StephanTLavavej StephanTLavavej removed their assignment Sep 17, 2025
@StephanTLavavej StephanTLavavej moved this from Initial Review to Ready To Merge in STL Code Reviews Sep 17, 2025
@StephanTLavavej StephanTLavavej moved this from Ready To Merge to Merging in STL Code Reviews Sep 19, 2025
@StephanTLavavej
Copy link
Member

I'm mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed.

@cpplearner cpplearner mentioned this pull request Sep 20, 2025
Merged
@StephanTLavavej StephanTLavavej merged commit 3effbb0 into microsoft:main Sep 22, 2025
39 checks passed
@github-project-automation github-project-automation bot moved this from Merging to Done in STL Code Reviews Sep 22, 2025
@StephanTLavavej
Copy link
Member

Thanks for fixing this UB so quickly! 😻 🛠️ 🛡️

@AlexGuteniev AlexGuteniev deleted the bit-positive branch September 22, 2025 17:37
@StephanTLavavej StephanTLavavej mentioned this pull request Sep 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StephanTLavavej StephanTLavavej StephanTLavavej approved these changes

Assignees

No one assigned

Labels

bug Something isn't working

Projects

STL Code Reviews
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

<vector>: The vector<bool> optimization for copy() performs a forbidden negative shift

3 participants

@AlexGuteniev @frederick-vs-ja @StephanTLavavej