<format>: fix single byte out of bounds access #2569
When the junk in _Buffer happened to be 'p' (or if to_chars used up all available space in the buffer), then format would access uninitialized stack when trying to find the position of the "e" in scientific mode.
As mentioned on Discord, I believe that this fix is minimal and safe. We know that @barcharcraz would like to leave #2494's additional diagnostics around for a little while after merging this, which sounds good to me (I've added it to my list of cleanups for later). FYI @CaseyCarter, I believe this is a must-have to backport to 16.11.x with the rest of the
<format>: fix single byte out of bounds access
Added to my informal list of stuff to backport.
miscco left a comment
Urgh, sorry for missing that when reworking the additional zeros path
I'm mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed. (I'll handle verifying that this works with the recent LLVM update.)
Thanks for fixing the root cause of the mysterious sporadic failures! 🎉 ✅ 😺
format would access uninitialized stack when trying to find the position of the exponent. When the junk in _Buffer (or past it, if to_chars used up all available space in the buffer) happened to be 'p' in hex mode (or 'e' in scientific mode, or their uppercased forms), this produced incorrect results. Fixes #2449. Thanks to @statementreply for investigating!
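
The failure mode described in this thread, as an added example that is not code from the pull request or from the STL: searching for the exponent character must stop at the pointer `to_chars` returns, otherwise stale bytes after the written text can be mistaken for an exponent. The function name, buffer size, and junk fill are assumptions made for the illustration; the junk is written explicitly so the run is deterministic instead of reading uninitialized memory.

```cpp
#include <algorithm>
#include <charconv>
#include <cstddef>
#include <cstdio>
#include <limits>
#include <system_error>

constexpr std::size_t kBufSize = 32;  // hypothetical size, not the STL's

struct ExponentSearch {
    std::ptrdiff_t written;    // characters to_chars actually produced
    std::ptrdiff_t unbounded;  // offset found when scanning the whole buffer (flawed)
    std::ptrdiff_t bounded;    // offset found when scanning only [buf, res.ptr)
};

// Hypothetical helper: formats `value`, then looks for `exp_char` two ways.
// `junk` is a constructed stand-in for whatever the stack held before the call.
ExponentSearch find_exponent(double value, std::chars_format fmt,
                             char exp_char, char junk) {
    char buf[kBufSize];
    std::fill(buf, buf + kBufSize, junk);
    const std::to_chars_result res = std::to_chars(buf, buf + kBufSize, value, fmt);
    if (res.ec != std::errc{}) {
        return {-1, -1, -1};
    }
    const char* const first = buf;
    auto offset_of = [&](const char* last) -> std::ptrdiff_t {
        const char* hit = std::find(first, last, exp_char);
        return hit == last ? -1 : hit - first;
    };
    // Only [first, res.ptr) holds meaningful characters; anything past it is junk.
    return {res.ptr - first, offset_of(first + kBufSize), offset_of(res.ptr)};
}

int main() {
    // Infinity in hex mode prints "inf": the output contains no 'p' at all.
    const double inf = std::numeric_limits<double>::infinity();
    const ExponentSearch bad = find_exponent(inf, std::chars_format::hex, 'p', 'p');
    std::printf("written=%td unbounded=%td bounded=%td\n",
                bad.written, bad.unbounded, bad.bounded);
    // 1.0 in hex mode prints "1p+0": both searches agree on the real exponent.
    const ExponentSearch ok = find_exponent(1.0, std::chars_format::hex, 'p', 'p');
    std::printf("written=%td unbounded=%td bounded=%td\n",
                ok.written, ok.unbounded, ok.bounded);
    return 0;
}
```

With the junk byte equal to the exponent character, the unbounded scan reports an exponent at the first byte after the written text, while the bounded scan correctly reports none.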