[committed] libstdc++: Fix filesystem::path construction from COW string [PR 99805]

Message ID YG3SufdgHkq6pgK0@redhat.com
State New

Commit Message

Iain Buclaw via Gcc-patches April 7, 2021, 3:41 p.m.
Calling the non-const data() member on a COW string makes it "leaked",
possibly resulting in reallocating the string to ensure a unique owner.

The path::_M_split_cmpts() member parses its _M_pathname string using
string_view objects and then calls _M_pathname.data() to find the offset
of each string_view from the start of the string. However because
_M_pathname is non-const that will cause a COW string to reallocate if
it happens to be shared with another string object. This results in the
offsets calculated for each component being wrong (i.e. undefined)
because the string views no longer refer to substrings of the
_M_pathname member. The fix is to use the parse.offset(c) member which
gets the offset safely.

The bug only happens for the path(string_type&&) constructor and only
for COW strings. When constructed from an lvalue string the string's
contents are copied rather than just incrementing the refcount, so
there's no reallocation when calling the non-const data() member. The
testsuite changes check the lvalue case anyway, because we should
probably change the deep copying to just be a refcount increment (by
adding a path(const string_type&) constructor or an overload for
__effective_range(const string_type&), for COW strings only).

libstdc++-v3/ChangeLog:

	PR libstdc++/99805
	* src/c++17/fs_path.cc (path::_M_split_cmpts): Do not call
	non-const member on _M_pathname, to avoid copy-on-write.
	* testsuite/27_io/filesystem/path/decompose/parent_path.cc:
	Check construction from strings that might be shared.

Tested powerpc64le-linux (SSO and COW strings). Committed to trunk.

This needs to be backported to 9 and 10 too, but after the 10.3
release.
commit e06d3f5dd7d0c6b4a20fe813e6ee5addd097f560
Author: Jonathan Wakely <jwakely@redhat.com>
Date:   Wed Apr 7 16:05:42 2021

    libstdc++: Fix filesystem::path construction from COW string [PR 99805]
    
    Calling the non-const data() member on a COW string makes it "leaked",
    possibly resulting in reallocating the string to ensure a unique owner.
    
    The path::_M_split_cmpts() member parses its _M_pathname string using
    string_view objects and then calls _M_pathname.data() to find the offset
    of each string_view from the start of the string. However because
    _M_pathname is non-const that will cause a COW string to reallocate if
    it happens to be shared with another string object. This results in the
    offsets calculated for each component being wrong (i.e. undefined)
    because the string views no longer refer to substrings of the
    _M_pathname member. The fix is to use the parse.offset(c) member which
    gets the offset safely.
    
    The bug only happens for the path(string_type&&) constructor and only
    for COW strings. When constructed from an lvalue string the string's
    contents are copied rather than just incrementing the refcount, so
    there's no reallocation when calling the non-const data() member. The
    testsuite changes check the lvalue case anyway, because we should
    probably change the deep copying to just be a refcount increment (by
    adding a path(const string_type&) constructor or an overload for
    __effective_range(const string_type&), for COW strings only).
    
    libstdc++-v3/ChangeLog:
    
            PR libstdc++/99805
            * src/c++17/fs_path.cc (path::_M_split_cmpts): Do not call
            non-const member on _M_pathname, to avoid copy-on-write.
            * testsuite/27_io/filesystem/path/decompose/parent_path.cc:
            Check construction from strings that might be shared.

Patch

diff --git a/libstdc++-v3/src/c++17/fs_path.cc b/libstdc++-v3/src/c++17/fs_path.cc
index 2d9e29d9e7a..506ff25f9a6 100644
--- a/libstdc++-v3/src/c++17/fs_path.cc
+++ b/libstdc++-v3/src/c++17/fs_path.cc
@@ -1907,10 +1907,9 @@  path::_M_split_cmpts()
 	  _M_cmpts.type(_Type::_Multi);
 	  _M_cmpts.reserve(_M_cmpts.size() + buf.size());
 	  auto output = _M_cmpts._M_impl->end();
-	  for (auto& c : buf)
+	  for (const auto& c : buf)
 	    {
-	      auto pos = c.str.data() - _M_pathname.data();
-	      ::new(output++) _Cmpt(c.str, c.type, pos);
+	      ::new(output++) _Cmpt(c.str, c.type, parser.offset(c));
 	      ++_M_cmpts._M_impl->_M_size;
 	    }
 	  next = buf.begin();
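Review bot: the loop body at `::new(output++) _Cmpt(c.str, c.type, parser.offset(c));` carries no comment saying why the offset has to come from the parser rather than from `_M_pathname.data()`, so a later cleanup could reintroduce the pointer subtraction. The removed `c.str.data() - _M_pathname.data()` looks harmless when read on its own. Suggest a short comment above the loop stating that non-const members of `_M_pathname` must not be called while the string views in `buf` still refer to its buffer.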
@@ -1930,9 +1929,8 @@  path::_M_split_cmpts()
       auto output = _M_cmpts._M_impl->end();
       for (int i = 0; i < n; ++i)
 	{
-	  auto c = buf[i];
-	  auto pos = c.str.data() - _M_pathname.data();
-	  ::new(output++) _Cmpt(c.str, c.type, pos);
+	  const auto& c = buf[i];
+	  ::new(output++) _Cmpt(c.str, c.type, parser.offset(c));
 	  ++_M_cmpts._M_impl->_M_size;
 	}
     }
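Review bot: the body of this `for (int i = 0; i < n; ++i)` loop is now the same two statements as the range-for loop in the previous hunk (`::new(output++) _Cmpt(c.str, c.type, parser.offset(c));` then `++_M_cmpts._M_impl->_M_size;`), and the same defect had to be fixed in both copies. Consider factoring the construct-and-count step into one local lambda or helper so the offset is computed in a single place. The change from `auto c = buf[i];` to `const auto& c = buf[i];` is fine and also avoids copying each component.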
diff --git a/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc b/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
index 84e86ec7a19..b6ca525bc82 100644
--- a/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
+++ b/libstdc++-v3/testsuite/27_io/filesystem/path/decompose/parent_path.cc
@@ -18,7 +18,7 @@ 
 // with this library; see the file COPYING3.  If not see
 // <http://www.gnu.org/licenses/>.
 
-// 8.4.9 path decomposition [path.decompose]
+// C++17 30.10.8.4.9 path decomposition [fs.path.decompose]
 
 #include <filesystem>
 #include <testsuite_hooks.h>
@@ -64,9 +64,32 @@  test02()
   }
 }
 
+void
+test03()
+{
+  const std::string narrow = "there/are/no/wrong/turns/only/unexpected/paths";
+  const path::string_type s(narrow.begin(), narrow.end());
+  const auto s1 = s.substr(0, s.length() - 6);    // remove "/paths"
+  const auto s2 = s1.substr(0, s1.length() - 16); // remove "/only/..."
+
+  // PR libstdc++/99805
+  path p = path::string_type(s);
+  auto pp = p.parent_path();
+  VERIFY( pp.native() == s1 );
+  pp = pp.parent_path().parent_path();
+  VERIFY( pp.native() == s2 );
+
+  path from_lval(s);
+  pp = from_lval.parent_path();
+  VERIFY( pp.native() == s1 );
+  pp = pp.parent_path().parent_path();
+  VERIFY( pp.native() == s2 );
+}
+
 int
 main()
 {
   test01();
   test02();
+  test03();
 }
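Review bot: `test03` only reproduces PR 99805 when `path::string_type` is a COW string, and nothing in the test says so; with SSO strings the temporary in `path p = path::string_type(s);` is a deep copy and the `VERIFY` checks pass with or without the fix. Suggest a comment on that line saying the temporary is expected to share the buffer of `s` under the COW string ABI, and a second comment on the `from_lval` block noting that, per the commit message, it does not hit the bug today and is there in case construction from an lvalue becomes a refcount increment.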
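The failure mode described in the commit message, reproduced with a toy copy-on-write string as an added example (not code from the patch or from libstdc++). `CowString`, `Parser`, `points_into` and `demo` are hypothetical names, and `Parser::offset` only stands in for the `parser.offset(c)` call used in the patch.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <string_view>
#include <utility>

// Toy copy-on-write string (constructed for illustration, not libstdc++'s).
class CowString {
  std::shared_ptr<std::string> buf_;
public:
  explicit CowString(std::string s) : buf_(std::make_shared<std::string>(std::move(s))) {}
  const char* data() const { return buf_->data(); }   // never unshares
  char* data() {                                      // unshares when shared
    if (buf_.use_count() > 1) buf_ = std::make_shared<std::string>(*buf_);
    return buf_->data();
  }
  std::size_t size() const { return buf_->size(); }
};

// Hypothetical parser: keeps the view it parsed, so offset() subtracts two
// pointers into the same array regardless of what the owner does later.
struct Parser {
  std::string_view input;
  std::string_view last_component() const { return input.substr(input.rfind('/') + 1); }
  std::size_t offset(std::string_view c) const { return c.data() - input.data(); }
};

// True if v lies inside s's current buffer (std::less is a total order).
bool points_into(const CowString& s, std::string_view v) {
  std::less<const char*> lt;
  return !lt(v.data(), s.data()) && !lt(s.data() + s.size(), v.data() + v.size());
}

struct Result { bool valid_before, valid_after; std::size_t safe_offset; };

Result demo() {
  CowString original("a/b/file.txt");         // constructed sample path
  CowString pathname = original;              // shares original's buffer
  Parser parser{std::string_view(std::as_const(pathname).data(), pathname.size())};
  std::string_view c = parser.last_component();
  Result r{points_into(pathname, c), false, 0};
  (void)pathname.data();                      // non-const call reallocates
  r.valid_after = points_into(pathname, c);   // c still refers to the old buffer
  r.safe_offset = parser.offset(c);           // unaffected by the reallocation
  return r;
}

int main() { Result r = demo(); return (r.valid_before && !r.valid_after) ? 0 : 1; }
```

After the non-const `data()` call the component view no longer lies inside `pathname`'s buffer, so subtracting `pathname.data()` from it would be undefined, while the parser-relative offset is unchanged.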