Hardening and test

frederick-vs-ja · frederick-vs-ja · commit 9a1911ac70f1 · 2025-02-22T17:03:28.000+08:00
diff --git a/libcxx/include/__format/format_arg_store.h b/libcxx/include/__format/format_arg_store.h
@@ -198,15 +198,12 @@ _LIBCPP_HIDE_FROM_ABI basic_format_arg<_Context> __create_format_arg(_Tp& __valu
   else if constexpr (__arg == __arg_t::__string_view)
     // Using std::size on a character array will add the NUL-terminator to the size.
     if constexpr (__is_bounded_array_of<_Dp, __context_char_type>) {
-      const auto __pbegin = std::begin(__value);
-      if (const __context_char_type* const __pzero =
-              char_traits<__context_char_type>::find(__pbegin, extent_v<_Dp>, __context_char_type{})) {
-        return basic_format_arg<_Context>{
-            __arg, basic_string_view<__context_char_type>{__pbegin, static_cast<size_t>(__pzero - __pbegin)}};
-      } else {
-        // Per [format.arg]/5, the behavior is undefined because the array is not null-terminated.
-        return basic_format_arg<_Context>{__arg, basic_string_view<__context_char_type>{__pbegin, extent_v<_Dp>}};
-      }
+      const __context_char_type* const __pbegin = std::begin(__value);
+      const __context_char_type* const __pzero =
+          char_traits<__context_char_type>::find(__pbegin, extent_v<_Dp>, __context_char_type{});
+      _LIBCPP_ASSERT_VALID_INPUT_RANGE(__pzero != nullptr, "formatting a non-null-terminated array");
+      return basic_format_arg<_Context>{
+          __arg, basic_string_view<__context_char_type>{__pbegin, static_cast<size_t>(__pzero - __pbegin)}};
     } else
       // When the _Traits or _Allocator are different an implicit conversion will fail.
       return basic_format_arg<_Context>{__arg, basic_string_view<__context_char_type>{__value.data(), __value.size()}};
diff --git a/libcxx/test/libcxx/utilities/format/format.arguments/format.arg/assert.array.pass.cpp b/libcxx/test/libcxx/utilities/format/format.arguments/format.arg/assert.array.pass.cpp
@@ -0,0 +1,33 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+// <format>
+
+// Formatting non-null-terminated character arrays.
+
+// REQUIRES: std-at-least-c++20, has-unix-headers, libcpp-hardening-mode={{extensive|debug}}
+// XFAIL: libcpp-hardening-mode=debug && availability-verbose_abort-missing
+
+#include <format>
+
+#include "check_assertion.h"
+
+int main(int, char**) {
+  {
+    const char non_null_terminated[3]{'1', '2', '3'};
+    TEST_LIBCPP_ASSERT_FAILURE(std::format("{}", non_null_terminated), "formatting a non-null-terminated array");
+  }
+#ifndef TEST_HAS_NO_WIDE_CHARACTERS
+  {
+    const wchar_t non_null_terminated[3]{L'1', L'2', L'3'};
+    TEST_LIBCPP_ASSERT_FAILURE(std::format(L"{}", non_null_terminated), "formatting a non-null-terminated array");
+  }
+#endif
+
+  return 0;
+}
