Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / external / github.com / llvm / llvm-project / libcxx / 45931e9fe422eae494b70d66c9a38402da535fa7^! / . / include / span
commit45931e9fe422eae494b70d66c9a38402da535fa7[log] [tgz]
authorLouis Dionne <ldionne@apple.com>Wed Feb 12 16:20:09 2020 +0100
committerLouis Dionne <ldionne@apple.com>Wed Feb 12 16:21:46 2020 +0100
tree492ff2f42117922d17919c850b5cbd64e9666085
parent6547582b79719e8132d3a3614be1227bce2e6a7d [diff] [blame]
[libc++] span: Guard against overflow in span::subspan

The calculation _Offset + _Count <= size() may overflow, so use
_Count <= size() - _Offset instead. Note that this is safe due to
the previous constraint that _Offset <= size().

Patch by Michael Schellenberger Costa.

Differential Revision: https://reviews.llvm.org/D71998

Cr-Mirrored-From: sso://chromium.googlesource.com/_direct/external/github.com/llvm/llvm-project
Cr-Mirrored-Commit: b5abd50f06966af28df4f80850f006c9cda7a07e

diff --git a/include/span b/include/span
index a5362ca..82bcbff 100644
--- a/include/span
+++ b/include/span

@@ -278,6 +278,7 @@
         -> span<element_type, _Count != dynamic_extent ? _Count : _Extent - _Offset>
     {
         static_assert(_Offset <= _Extent, "Offset out of range in span::subspan()");
+        static_assert(_Count == dynamic_extent || _Count <= _Extent - _Offset, "Offset + count out of range in span::subspan()");
         return {data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
     }
 
@@ -290,7 +291,7 @@
         _LIBCPP_ASSERT(__count  <= size() || __count == dynamic_extent, "Count out of range in span::subspan(offset, count)");
         if (__count == dynamic_extent)
             return {data() + __offset, size() - __offset};
-        _LIBCPP_ASSERT(__offset <= size() - __count, "count + offset out of range in span::subspan(offset, count)");
+        _LIBCPP_ASSERT(__count <= size() - __offset, "Offset + count out of range in span::subspan(offset, count)");
         return {data() + __offset, __count};
     }
 
@@ -447,7 +448,7 @@
     constexpr span<element_type, _Count> subspan() const noexcept
     {
         _LIBCPP_ASSERT(_Offset <= size(), "Offset out of range in span::subspan()");
-        _LIBCPP_ASSERT(_Count == dynamic_extent || _Offset + _Count <= size(), "Count out of range in span::subspan()");
+        _LIBCPP_ASSERT(_Count == dynamic_extent || _Count <= size() - _Offset, "Offset + count out of range in span::subspan()");
         return {data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
     }
 
@@ -459,7 +460,7 @@
         _LIBCPP_ASSERT(__count  <= size() || __count == dynamic_extent, "count out of range in span::subspan(offset, count)");
         if (__count == dynamic_extent)
             return {data() + __offset, size() - __offset};
-        _LIBCPP_ASSERT(__offset <= size() - __count, "Offset + count out of range in span::subspan(offset, count)");
+        _LIBCPP_ASSERT(__count <= size() - __offset, "Offset + count out of range in span::subspan(offset, count)");
         return {data() + __offset, __count};
     }