[Bug 279560] FreeBSD 14.1 ships libc++ which passes wrong size to sized operator delete
Date: Fri, 07 Jun 2024 18:35:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279560

--- Comment #3 from Dimitry Andric <dim@FreeBSD.org> ---

This is a bit of a false positive due to internal details of libc++ std::string. Normally the size of a std::string is 24 bytes on amd64, but only if it contains a 'short' string. When the contained string is too long to fit in the object itself, it's reallocated on the heap instead.

In this particular case some TCMalloc test string comes out as 25 bytes, and that is what libc++ eventually calls malloc() with. However, due to internal administration issues, it calculates the wrong size for the corresponding delete.

This was also noticed by AddressSanitizer after <https://github.com/llvm/llvm-project/pull/83774> ("Enable sized deallocation by default in C++14 onwards"), and fixed by Vitaly Buka in <https://github.com/llvm/llvm-project/commit/d129ea8d2fa3>.

I will merge that fix into -CURRENT, with one prerequisite fix added, so we can see if there's any fallout (but it's not likely). Then I will MFC it, and we can think about a 14.1 erratum.

-- 
You are receiving this mail because:
You are the assignee for the bug.
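The mismatch described in the comment (operator new called with one size, sized operator delete handed another) is exactly what AddressSanitizer's new-delete size check catches. The program below is an added example, not code from the bug report, from libc++ or from TCMalloc: it replaces the global allocation functions with a small tracker that records the size each block was allocated with and counts every sized delete whose claimed size disagrees. All names (g_slots, g_mismatches, mismatches_for, mismatches_for_string) are hypothetical. It deliberately reproduces a 25-versus-24 byte mismatch by calling the allocation functions directly, and separately checks a 25-character std::string, which on a correct library must report zero mismatches; whether the string path uses sized delete at all depends on the compiler and library (sized deallocation requires C++14 or later), so the example also reports that.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <string>

// Fixed-size table of live allocations (pointer -> size passed to operator new).
// A plain array is used on purpose: the tracker must not allocate, or it would
// recurse into itself. Not thread-safe; this is a single-threaded demonstration.
struct Slot { void* p; std::size_t n; };
static Slot g_slots[4096];
static std::size_t g_mismatches = 0;     // sized deletes whose size disagreed
static std::size_t g_sized_deletes = 0;  // total sized deletes observed

void* operator new(std::size_t n) {
    void* p = std::malloc(n ? n : 1);
    if (!p) throw std::bad_alloc();
    for (Slot& s : g_slots) {
        if (!s.p) { s.p = p; s.n = n; break; }
    }
    return p;
}

// Release p; if the caller claimed a size, compare it with what new recorded.
static void forget(void* p, const std::size_t* claimed) noexcept {
    if (!p) return;
    for (Slot& s : g_slots) {
        if (s.p == p) {
            if (claimed && *claimed != s.n) ++g_mismatches;
            s.p = nullptr; s.n = 0;
            break;
        }
    }
    std::free(p);
}

void operator delete(void* p) noexcept { forget(p, nullptr); }
void operator delete(void* p, std::size_t n) noexcept {
    ++g_sized_deletes;
    forget(p, &n);
}

// Allocate `alloc` bytes, then free them claiming `claimed` bytes.
// Returns the number of mismatches this produced (1 when alloc != claimed).
std::size_t mismatches_for(std::size_t alloc, std::size_t claimed) {
    std::size_t before = g_mismatches;
    void* p = ::operator new(alloc);
    ::operator delete(p, claimed);
    return g_mismatches - before;
}

// Construct and destroy a std::string of `len` characters (long enough to
// leave the short-string buffer) and return the mismatches observed.
// A correct std::string implementation yields 0.
std::size_t mismatches_for_string(std::size_t len) {
    std::size_t before = g_mismatches;
    {
        std::string s(len, 'A');
        (void)s.size();
    }
    return g_mismatches - before;
}

// Whether destroying such a string went through sized delete at all; this
// depends on the toolchain (sized deallocation is a C++14 feature).
bool string_uses_sized_delete(std::size_t len) {
    std::size_t before = g_sized_deletes;
    {
        std::string s(len, 'A');
        (void)s.size();
    }
    return g_sized_deletes != before;
}

int main() {
    // Constructed scenario mirroring the bug: 25 bytes allocated, 24 claimed.
    std::size_t bad = mismatches_for(25, 24);
    std::size_t good = mismatches_for(25, 25);
    std::size_t str = mismatches_for_string(25);
    bool sized = string_uses_sized_delete(25);
    return (bad == 1 && good == 0 && str == 0) ? 0 : 1 + (sized ? 0 : 0);
}
```

Build with a C++14-or-later flag (for example `c++ -std=c++17 check.cpp`); with an older standard the string path will simply never reach sized delete and string_uses_sized_delete returns false, while the direct mismatch is still detected. In a real allocator the same comparison is what lets ASan, TCMalloc and similar allocators refuse or flag a sized delete whose size does not match the size class of the block.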