When filling a vector<bool> with stuff, initialize the last word of the storage that you're touching. Otherwise, when we lay down the bits with operator&=, we get UB from reading uninitialized memory. Fixes Bug 39354. Thanks to David Wagner for the bug report.

llvm-svn: 345067
This commit is contained in:
Marshall Clow 2018-10-23 18:38:15 +00:00
parent 8c4796deb4
commit 55fb053f57
1 changed files with 4 additions and 0 deletions

View File

@ -2606,6 +2606,8 @@ vector<bool, _Allocator>::__construct_at_end(size_type __n, bool __x)
{ {
size_type __old_size = this->__size_; size_type __old_size = this->__size_;
this->__size_ += __n; this->__size_ += __n;
if (__old_size == 0 || (__old_size / __bits_per_word) != (this->__size_ / __bits_per_word))
this->__begin_[this->__size_ / __bits_per_word] = __storage_type(0);
_VSTD::fill_n(__make_iter(__old_size), __n, __x); _VSTD::fill_n(__make_iter(__old_size), __n, __x);
} }
@ -2620,6 +2622,8 @@ vector<bool, _Allocator>::__construct_at_end(_ForwardIterator __first, _ForwardI
{ {
size_type __old_size = this->__size_; size_type __old_size = this->__size_;
this->__size_ += _VSTD::distance(__first, __last); this->__size_ += _VSTD::distance(__first, __last);
if (__old_size == 0 || (__old_size / __bits_per_word) != (this->__size_ / __bits_per_word))
this->__begin_[this->__size_ / __bits_per_word] = __storage_type(0);
_VSTD::copy(__first, __last, __make_iter(__old_size)); _VSTD::copy(__first, __last, __make_iter(__old_size));
} }