https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122506
Bug ID: 122506
Summary: Initialization of std::vector<bool> reads uninitialized memory (UB)
Product: gcc
Version: 15.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: nunoplopes at sapo dot pt
Target Milestone: ---
Some constructors of std::vector<bool> access uninitialized data, for example:
    vector(size_type __n, const bool& __value = bool(),
           const allocator_type& __a = allocator_type())
    : _Base(__a)
    {
      _M_initialize(__n);
      _M_initialize_value(__value);
    }
_M_initialize only allocates memory, it doesn't initialize it.
_M_initialize_value calls __fill_bvector_n, which does this:
  inline void
  __fill_bvector_n(_Bit_type* __p, size_t __n, bool __x) _GLIBCXX_NOEXCEPT
  {
#if __cpp_lib_is_constant_evaluated
    if (std::is_constant_evaluated())
      {
        for (size_t __i = 0; __i < __n; ++__i)
          __p[__i] = __x ? ~0ul : 0ul;
        return;
      }
#endif
    __builtin_memset(__p, __x ? ~0 : 0, __n * sizeof(_Bit_type));
  }
If the access goes through the operator[], it loads uninitialized memory first,
and then masks it.
This is undefined behavior.
There are other constructors that do the same.
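As an added illustration (example code, not libstdc++ source and not part of the report): a toy model of vector<bool>'s packed word storage with a shadow bitmap that counts loads from never-written words, comparing a whole-word fill, as __fill_bvector_n does, with a per-bit load-mask-store fill of the kind a bit reference performs. PackedBits, BitType, fill_words, fill_bits and the uninit_reads counter are names assumed by this example.

```cpp
// Added example, not libstdc++ code: a toy model of vector<bool>'s packed
// storage. The `written` shadow marks which words have been stored to, so the
// uninitialized reads a real allocation would suffer can be counted without
// triggering UB here (the model's words are zero-initialized by std::vector).
#include <cstddef>
#include <vector>
using BitType = unsigned long;                       // stands in for _Bit_type
constexpr std::size_t kWordBits = 8 * sizeof(BitType);
struct PackedBits {
    std::vector<BitType> words;      // storage, as if freshly allocated
    std::vector<bool> written;       // shadow: has words[w] been written yet?
    std::size_t uninit_reads = 0;    // loads from never-written words
    explicit PackedBits(std::size_t nbits)
      : words((nbits + kWordBits - 1) / kWordBits), written(words.size(), false) {}
    BitType load(std::size_t w) {
        if (!written[w]) ++uninit_reads;   // the read the report describes
        return words[w];
    }
    void store(std::size_t w, BitType v) { words[w] = v; written[w] = true; }
    // Whole-word fill, as __fill_bvector_n does (memset or plain word stores):
    // never reads the destination.
    void fill_words(bool x) {
        for (std::size_t w = 0; w < words.size(); ++w) store(w, x ? ~0ul : 0ul);
    }
    // Per-bit fill through a bit reference (load, mask, store): reads each
    // word before its first write.
    void fill_bits(std::size_t nbits, bool x) {
        for (std::size_t i = 0; i < nbits; ++i) {
            std::size_t w = i / kWordBits;
            BitType mask = BitType(1) << (i % kWordBits);
            BitType cur = load(w);
            store(w, x ? (cur | mask) : (cur & ~mask));
        }
    }
    bool get(std::size_t i) const { return (words[i / kWordBits] >> (i % kWordBits)) & 1; }
};
// Number of loads from never-written words each strategy performs for nbits bits.
std::size_t uninit_reads_word_fill(std::size_t nbits, bool x) {
    PackedBits b(nbits); b.fill_words(x); return b.uninit_reads;
}
std::size_t uninit_reads_bit_fill(std::size_t nbits, bool x) {
    PackedBits b(nbits); b.fill_bits(nbits, x); return b.uninit_reads;
}
// Both strategies must leave every bit equal to x (sanity check of the model).
bool bit_fill_matches(std::size_t nbits, bool x) {
    PackedBits a(nbits), b(nbits); a.fill_words(x); b.fill_bits(nbits, x);
    for (std::size_t i = 0; i < nbits; ++i) if (a.get(i) != x || b.get(i) != x) return false;
    return true;
}
```

The per-bit strategy touches every word once before writing it, one uninitialized load per word; the whole-word strategy performs none, which is why a fill that writes full words is the safe shape for freshly allocated storage.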