Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

<format>: crash when formatting a floating-point value with #/L and a large precision #4320

Closed
cpplearner opened this issue Jan 16, 2024 · 0 comments · Fixed by #4907
Closed

<format>: crash when formatting a floating-point value with #/L and a large precision #4320

cpplearner opened this issue Jan 16, 2024 · 0 comments · Fixed by #4907
Labels
bug Something isn't working fixed Something works now, yay! format C++20/23 format

Comments

@cpplearner
Copy link
Contributor

Describe the bug

<format> uses a loop to find the beginning of the exponent part in order to insert trailing zeroes. But when _Specs._Alt || _Specs._Localized is true, the position has already been stored in _Exponent_start. The loop actually moves _Exponent_start away from the correct position, and eventually causes a crash due to out-of-bound access.

STL/stl/inc/format

Lines 3108 to 3112 in 3eac329

if (_Extra_precision != 0) {
// Trailing zeroes are in front of the exponent
while (*--_Exponent_start != _Exponent) {
}
}

STL/stl/inc/format

Lines 3087 to 3089 in 3eac329

} else if (*_It == _Exponent) {
_Exponent_start = _It;
}

Command-line test case

D:\test>type test-format-3.cpp
#include <format>
#include <iostream>

int main() {
    std::cout << std::format("{:#.1075e}\n", 1.0);
}

D:\test>cl /std:c++20 /EHs /utf-8 test-format-3.cpp
Microsoft (R) C/C++ Optimizing Compiler Version 19.39.33321 for x64
Copyright (C) Microsoft Corporation.  All rights reserved.

test-format-3.cpp
Microsoft (R) Incremental Linker Version 14.39.33321.0
Copyright (C) Microsoft Corporation.  All rights reserved.

/out:test-format-3.exe
test-format-3.obj

D:\test>test-format-3

D:\test>echo %errorlevel%
-1073741819

Expected behavior

no crash

STL version

https://github.com/microsoft/STL/commit/3eac329d1f614ecf138d96c22a3b02f87076bc4a
@StephanTLavavej StephanTLavavej added bug Something isn't working format C++20/23 format labels Jan 16, 2024
@frederick-vs-ja frederick-vs-ja mentioned this issue Jun 9, 2024
Merged
Andor233 added a commit to Andor233/STL that referenced this issue Aug 23, 2024
@Andor233
Fix microsoft#4320: <format>: crash when formatting a floating-point …
2b3d3ec 
…value with #/L and a large precision
@Andor233 Andor233 mentioned this issue Aug 23, 2024
Merged
@StephanTLavavej StephanTLavavej added the fixed Something works now, yay! label Aug 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working fixed Something works now, yay! format C++20/23 format
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

<format>: crash when formatting a floating-point value with #/L and a large precision Andor233/STL
2 participants
@StephanTLavavej @cpplearner