[Bug 279560] FreeBSD 14.1 ships libc++ which passes wrong size to sized operator delete

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 07 Jun 2024 18:35:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279560

--- Comment #3 from Dimitry Andric <dim@FreeBSD.org> ---
This is a bit of a false positive due to internal details of libc++
std::string.

Normally the size of a std::string is 24 bytes on amd64, but only if it
contains a 'short' string. When the contained string is too long to fit in the
object itself, it's reallocated on the heap instead.

In this particular case some TCMalloc test string comes out as 25 bytes, and
that is what libc++ eventually calls malloc() with. However, due to internal
administration issues, it calculates the wrong size for the corresponding
delete.

This was also noticed by AddressSanitizer after
<https://github.com/llvm/llvm-project/pull/83774> ("Enable sized deallocation
by default in C++14 onwards"), and fixed by Vitaly Buka in
<https://github.com/llvm/llvm-project/commit/d129ea8d2fa3>.

I will merge that fix into -CURRENT, with one prerequisite fix added, so we can
see if there's any fallout (but it's not likely). Then I will MFC it, and we
can think about a 14.1 erratum.

-- 
You are receiving this mail because:
You are the assignee for the bug.
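The kind of mismatch the comment describes (a buffer requested from operator new with one size and handed back to sized operator delete with another) can be caught without AddressSanitizer by replacing the global allocation functions and comparing the two sizes. The following is an added example, not code from the bug report, from libc++ or from TCMalloc: it records the size passed to operator new in a fixed side table and counts every sized delete that disagrees with the record, the same class of error ASan reports as a new-delete-type-mismatch. The 25-character string is a constructed input mirroring the report; whether the std::string round trip reports 0 depends on the standard library the example is built against, which is the point of running it.

```cpp
// Added example: a minimal sized-deallocation checker. Not part of the
// bug report, libc++ or TCMalloc. Single-threaded by assumption.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>
#include <string>

namespace {

struct Entry { void* ptr; std::size_t size; };

// Fixed-size side table: the checker must not allocate through operator new
// itself, or it would recurse. Allocations beyond kMaxLive are not tracked.
constexpr std::size_t kMaxLive = 4096;
Entry g_live[kMaxLive];
std::size_t g_live_count = 0;
std::size_t g_mismatches = 0;   // sized deletes whose size != recorded size

void record(void* p, std::size_t n) {
    if (g_live_count < kMaxLive) g_live[g_live_count++] = {p, n};
}

// Removes p from the table; returns false if p was never recorded.
bool forget(void* p, std::size_t* recorded) {
    for (std::size_t i = 0; i < g_live_count; ++i) {
        if (g_live[i].ptr == p) {
            *recorded = g_live[i].size;
            g_live[i] = g_live[--g_live_count];
            return true;
        }
    }
    return false;
}

}  // namespace

void* operator new(std::size_t n) {
    void* p = std::malloc(n ? n : 1);
    if (p == nullptr) throw std::bad_alloc();
    record(p, n);
    return p;
}

// Unsized delete: nothing to compare against, just drop the record.
void operator delete(void* p) noexcept {
    std::size_t ignored = 0;
    if (p != nullptr) forget(p, &ignored);
    std::free(p);
}

// Sized delete: the size the caller passes must equal what it asked new for.
void operator delete(void* p, std::size_t n) noexcept {
    std::size_t recorded = 0;
    if (p != nullptr && forget(p, &recorded) && recorded != n) {
        ++g_mismatches;
        std::fprintf(stderr,
                     "sized delete mismatch: %p allocated %zu bytes, freed as %zu\n",
                     p, recorded, n);
    }
    std::free(p);
}

// Models a container that allocates alloc_size bytes and later deallocates
// with freed_size; returns how many mismatches that round trip produced.
std::size_t mismatches_for(std::size_t alloc_size, std::size_t freed_size) {
    std::size_t before = g_mismatches;
    void* p = ::operator new(alloc_size);
    ::operator delete(p, freed_size);
    return g_mismatches - before;
}

// The scenario from the report: a string one character longer than fits
// inline on amd64 (25 chars) goes to the heap. Result depends on the
// standard library in use; a library that passes sizes consistently gives 0.
std::size_t string_roundtrip_mismatches() {
    std::size_t before = g_mismatches;
    {
        std::string s(25, 'x');   // constructed input: too long for SSO
        std::string copy = s;     // second heap buffer of the same size
        (void)copy;
    }                             // both buffers released here
    return g_mismatches - before;
}

int main() {
    std::printf("consistent  : %zu mismatches\n", mismatches_for(25, 25));
    std::printf("inconsistent: %zu mismatches\n", mismatches_for(25, 24));
    std::printf("std::string : %zu mismatches\n", string_roundtrip_mismatches());
    return 0;
}
```

Build it with the toolchain under test (for example `c++ -std=c++14 -fsized-deallocation`) so that the library's own delete calls are the sized form; without that flag, or with a library that calls the unsized delete, the checker sees nothing to compare and reports 0 even when bookkeeping is wrong, which is why the explicit mismatch case is included as a control.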