Hardened 'basic_stacktrace::current' (p3697r0)

elsteveogrande · elsteveogrande · commit 70c812604ca3 · 2025-08-07T15:40:49.000-04:00
diff --git a/libcxx/include/__stacktrace/basic.h b/libcxx/include/__stacktrace/basic.h
@@ -10,6 +10,7 @@
 #ifndef _LIBCPP_STACKTRACE_BASIC
 #define _LIBCPP_STACKTRACE_BASIC
 
+#include "__assert"
 #include <__config>
 
 #if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)
@@ -81,20 +82,27 @@ class _LIBCPP_EXPORTED_FROM_ABI basic_stacktrace : private __stacktrace::base {
   // (19.6.4.2)
   // Creation and assignment [stacktrace.basic.cons]
 
+  // Should be generous, but not so large that it would easily lead to an overflow
+  // when added to a given skip amount.
+  constexpr static size_type __default_max_depth = 1024;
+
   _LIBCPP_NO_TAIL_CALLS _LIBCPP_NOINLINE _LIBCPP_EXPORTED_FROM_ABI static basic_stacktrace
   current(const allocator_type& __caller_alloc = allocator_type()) noexcept(__kNoThrowAlloc) {
-    return current(1, /* no __max_depth */ ~0, __caller_alloc);
+    return current(1, __default_max_depth, __caller_alloc);
   }
 
   _LIBCPP_NO_TAIL_CALLS _LIBCPP_NOINLINE _LIBCPP_EXPORTED_FROM_ABI static basic_stacktrace
   current(size_type __skip, const allocator_type& __caller_alloc = allocator_type()) noexcept(__kNoThrowAlloc) {
-    return current(__skip + 1, /* no __max_depth */ ~0, __caller_alloc);
+    return current(__skip + 1, __default_max_depth, __caller_alloc);
   }
 
   _LIBCPP_NO_TAIL_CALLS _LIBCPP_NOINLINE _LIBCPP_EXPORTED_FROM_ABI static basic_stacktrace
   current(size_type __skip,
           size_type __max_depth,
           const allocator_type& __caller_alloc = allocator_type()) noexcept(__kNoThrowAlloc) {
+    _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(
+        __skip <= __skip + __max_depth, "sum of skip and max_depth too large; overflows size_type");
+
     __stacktrace::base __builder(__caller_alloc);
     __builder.build_stacktrace(__skip + 1, __max_depth);
     basic_stacktrace<_Allocator> __ret{__caller_alloc};
diff --git a/libcxx/test/std/diagnostics/stacktrace/basic.cons/assert.current.no_overflow.pass.cpp b/libcxx/test/std/diagnostics/stacktrace/basic.cons/assert.current.no_overflow.pass.cpp
@@ -0,0 +1,31 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+// REQUIRES: std-at-least-c++23, has-unix-headers, libcpp-hardening-mode={{extensive|debug}}
+// XFAIL: libcpp-hardening-mode=debug && availability-verbose_abort-missing
+
+/*
+  Hardened requirements for the `current` call with given `skip` and `max_depth` amounts:
+  https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2025/p3697r0.html#basic_stacktrace
+  Specifically: "Hardened preconditions: skip <= skip + max_depth is true."
+
+  // (19.6.4.2): [stacktrace.basic.cons], creation and assignment
+  static basic_stacktrace current(size_type skip, size_type max_depth,
+                                  const allocator_type& alloc = allocator_type()) noexcept;
+*/
+
+#include <stacktrace>
+
+#include "check_assertion.h"
+
+int main(int, char**) {
+  TEST_LIBCPP_ASSERT_FAILURE(
+      std::stacktrace::current(1, 0xffffffffffffffff), "sum of skip and max_depth too large; overflows size_type");
+
+  return 0;
+}
