| Issue | 107904 |
| Summary | [[clang::unsafe_buffer_usage]] in libc++ |
| Labels | libc++ |
| Assignees | |
| Reporter | danakj |
There are many methods in libc++ which can cause out-of-bounds issues when given incorrect inputs, such as any method that takes one or more iterators as its inputs, or that takes a pointer input.
Will libc++ be annotating such methods with `[[clang::unsafe_buffer_usage]]`? Is the project open to adding such annotations on methods that receive iterators (instead of ranges)?
Concrete example: `std::ranges::subrange::subrange(iterator, sentinel)` if given invalid inputs will create a subrange that goes out of bounds. This is similar to `std::span(first, size)`, which is currently hard-coded in the compiler as-if it were marked with `[[clang::unsafe_buffer_usage]]`. Other examples: `std::span::span(first, last)`, `std::vector::insert(pos, first, last)`, `std::memcpy(dest, src, count)`.
Putting such annotations in libc++ will help callers avoid unsafe APIs and transition to safer ones.
We would need all `[[clang::unsafe_buffer_usage]]` to live behind a config define to allow enabling it separately from rolling libc++ though.
Thoughts? Is this something we could do now? At some future time? Explicitly undesirable?
cc: @haoNoQ @ziqingluo-90 @jkorous-apple @ldionne
_______________________________________________
llvm-bugs mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
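An added example, not part of the issue above and not libc++ code: a sketch of an annotation gated behind a config define, placed on a pointer-plus-count function next to a bounds-checked alternative. The macro names `EXAMPLE_ENABLE_UNSAFE_BUFFER_ANNOTATIONS` and `EXAMPLE_UNSAFE_BUFFER_USAGE` and the functions `sum_raw` and `sum_checked` are hypothetical.

```cpp
#include <cstddef>
#include <vector>

// Opt-in switch (hypothetical name): the attribute is applied only when the
// build defines it, so annotations can be enabled separately from an upgrade.
#if defined(EXAMPLE_ENABLE_UNSAFE_BUFFER_ANNOTATIONS) && defined(__has_cpp_attribute)
#  if __has_cpp_attribute(clang::unsafe_buffer_usage)
#    define EXAMPLE_UNSAFE_BUFFER_USAGE [[clang::unsafe_buffer_usage]]
#  endif
#endif
#ifndef EXAMPLE_UNSAFE_BUFFER_USAGE
#  define EXAMPLE_UNSAFE_BUFFER_USAGE  // expands to nothing when not enabled
#endif

// Pointer + count: the callee cannot verify that `count` fits the buffer.
// With the switch on, Clang's -Wunsafe-buffer-usage flags each call site.
EXAMPLE_UNSAFE_BUFFER_USAGE
int sum_raw(const int* first, std::size_t count) {
    int total = 0;
    for (std::size_t i = 0; i < count; ++i) total += first[i];
    return total;
}

// Safer shape: bounds come from the container, and the requested window is
// validated before any element is read. Returns false instead of reading
// out of bounds.
bool sum_checked(const std::vector<int>& v, std::size_t offset,
                 std::size_t count, int& out) {
    // Written to avoid overflow in `offset + count`.
    if (offset > v.size() || count > v.size() - offset) return false;
    int total = 0;
    for (std::size_t i = 0; i < count; ++i) total += v[offset + i];
    out = total;
    return true;
}

int main() {
    std::vector<int> v{1, 2, 3, 4};  // constructed sample data
    int out = 0;
    // A window that runs past the end is rejected: exit status 0 on success.
    return (sum_checked(v, 1, 2, out) && !sum_checked(v, 3, 2, out)) ? 0 : 1;
}
```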