Fix Undefined Behavior in GridColumnLineNumber#531
Merged
arch1t3cht merged 1 commit intoTypesettingTools:masterfrom Feb 4, 2026
Merged
Fix Undefined Behavior in GridColumnLineNumber#531arch1t3cht merged 1 commit intoTypesettingTools:masterfrom
arch1t3cht merged 1 commit intoTypesettingTools:masterfrom
Conversation
Calling back() on an empty list is UB. Most of the time, we ensure that there is at least one event, but at one point during initialization, the function gets called when the list is still empty. In practice, back() would return a garbage pointer from which we would then read garbage row number and use it to calculate nonsense width. This didn't cause any visible problem, because the width will get recalculated after an event is inserted, but it's still incorrect. Fix this by instead returning the width of the string "1" when the list is empty.
Member
|
Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
At one point during initialization,
GridColumnLineNumber::Width()gets called when the event list is empty, and the function callsback()on the list, which is UB. The bug was found with UBSan:Fix this by instead returning the width of the string "1" when the list is empty.