[libc++] Erroneous internal capacity evaluation causes SIGSEGV in vector<bool>
#121726
The internal capacity evaluation in vector<bool> is incorrect when evaluating __external_cap_to_internal(0), resulting in an erroneous return value: __external_cap_to_internal(0) = 288230376151711744 (0x400000000000000), while the correct result should be __external_cap_to_internal(0) = 0. Furthermore, this incorrect evaluation has propagated to other public APIs, causing a SIGSEGV error when compiling a program that calls flip() on vector<bool>, demonstrated as follows: Godbolt Link
The compilation error:
Root cause analysis
The incorrect evaluation occurs due to the following faulty implementation of __external_cap_to_internal:
llvm-project/libcxx/include/__vector/vector_bool.h
Lines 117 to 119 in 8d2b070
The issue arises because __n - 1 wraps around to become size_type(-1) = 18446744073709551615 (0xFFFFFFFFFFFFFFFF) when __n == 0. A correct implementation should avoid this wrap-around behavior for any __n >= 0.
Proposed solution
To avoid the wrap-around arithmetic, the return statement can be rewritten as:
or
This will automatically fix the SIGSEGV compilation error associated with flip().
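The wrap-around described in this report can be reproduced outside the library. The following is an added example, not code from the issue or from libc++: it assumes a 64-bit size_type and 64 bits per storage word, and the function names and the exact shape of the faulty expression are assumptions chosen to match the values quoted above.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Constructed model, not libc++ source: 64-bit size_type, 64-bit storage words.
using size_type = std::uint64_t;
constexpr size_type bits_per_word = 64;

// Assumed shape of the faulty computation: n - 1 is unsigned arithmetic,
// so n == 0 wraps to the maximum value before the division.
constexpr size_type words_faulty(size_type n) {
    return (n - 1) / bits_per_word + 1;
}

// Guarded form: zero bits need zero words; every other n is unchanged.
constexpr size_type words_guarded(size_type n) {
    return n > 0 ? (n - 1) / bits_per_word + 1 : 0;
}

// Round-up form: avoids n - 1, but n + 63 itself wraps when n is
// within 63 of the maximum, so it moves the edge case instead of removing it.
constexpr size_type words_roundup(size_type n) {
    return (n + bits_per_word - 1) / bits_per_word;
}

constexpr size_type size_max = std::numeric_limits<size_type>::max();

// Compile-time checks of the values quoted in the report.
static_assert(words_faulty(0) == 0x400000000000000ULL, "wrap-around reproduced");
static_assert(words_guarded(0) == 0, "zero bits need zero words");
static_assert(words_roundup(0) == 0, "round-up form is correct at zero");
static_assert(words_guarded(size_max) == 0x400000000000000ULL, "guarded form at max");
static_assert(words_roundup(size_max) == 0, "round-up form wraps at max");

int main() {
    const size_type samples[] = {0, 1, 64, 65, size_max};
    for (size_type n : samples) {
        std::printf("n=%llu faulty=%llu guarded=%llu roundup=%llu\n",
                    (unsigned long long)n,
                    (unsigned long long)words_faulty(n),
                    (unsigned long long)words_guarded(n),
                    (unsigned long long)words_roundup(n));
    }
    return 0;
}
```
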