Skip to content

Commit

Permalink
Abseil LTS Branch, Jan 2024, Patch 2
Browse files Browse the repository at this point in the history
* Prevent overflow in absl::CEscape()
Strings larger than 1 GiB on a platform with a 32-bit size_t could
potentially overflow size_t in `CEscapedLength()`, resulting in an
undersized allocation. The resulting write in
`CEscapeAndAppendInternal()` would then write beyond the bounds of the
output buffer.

A second overflow, where the calculated escaped length is added to the
size of the string being appended to, is also fixed.

In both cases the program will now abort prior to the overflow.

Credit goes to Ronald Crane (Zippenhop LLC) for reporting this issue.

PiperOrigin-RevId: 607019573
Change-Id: I97bf246cde96102a793d2db49446cccae08abf59

* Workaround for NVIDIA C++ compiler being unable to parse variadic
expansions in range of range-based for loop

Fixes: abseil#1629
PiperOrigin-RevId: 611131201
Change-Id: I787731e00207b544ee16055e6e0d323a5094a433

* Fix OSX support with CocoaPods and Xcode 15

PiperOrigin-RevId: 615090942
Change-Id: I7cc20a0129dcfbbddedd9e6d816bb6234bff14b3

* PR abseil#1643: add xcprivacy to all subspecs
Imported from GitHub PR abseil#1643

Addressing comments at abseil#1604
Add a xcprivacy subspec and have all other subspecs depend on it (option 1)

Didn't going with option 3 because there are several levels of subspecs in abseil podspec, it's difficult to track whether all of them directly or indirectly depends on abseil/base/config or ensure they will continue to depend on it.

Example of generated podsped: https://gist.github.com/HannahShiSFB/15d8fb6aa637f2781b7be4218d080f11
Merge 4405cdf into 4539c54

Merging this change closes abseil#1643

COPYBARA_INTEGRATE_REVIEW=abseil#1643 from HannahShiSFB:privacy-manifests 4405cdf
PiperOrigin-RevId: 616914674
Change-Id: If56d5a4f1a7cc6f9fac7a2d8e95b55d140e645fc
  • Loading branch information
derekmauro committed Apr 8, 2024
1 parent 2f9e432 commit 32f4d95
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 19 deletions.
2 changes: 1 addition & 1 deletion MODULE.bazel
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

module(
name = "abseil-cpp",
version = "20240116.0",
version = "20240116.2",
compatibility_level = 1,
)

Expand Down
13 changes: 12 additions & 1 deletion absl/abseil.podspec.gen.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,14 @@
'ALWAYS_SEARCH_USER_PATHS' => 'NO',
}
s.ios.deployment_target = '9.0'
s.osx.deployment_target = '10.10'
s.osx.deployment_target = '10.11'
s.tvos.deployment_target = '9.0'
s.watchos.deployment_target = '2.0'
s.subspec 'xcprivacy' do |ss|
ss.resource_bundles = {
ss.module_name => 'PrivacyInfo.xcprivacy',
}
end
"""

# Rule object representing the rule of Bazel BUILD.
Expand Down Expand Up @@ -191,6 +196,12 @@ def write_podspec_rule(f, rule, depth):
name = get_spec_name(dep.replace(":", "/"))
f.write("{indent}{var}.dependency '{dep}'\n".format(
indent=indent, var=spec_var, dep=name))
# Writes dependency to xcprivacy
f.write(
"{indent}{var}.dependency '{dep}'\n".format(
indent=indent, var=spec_var, dep="abseil/xcprivacy"
)
)


def write_indented_list(f, leading, values):
Expand Down
2 changes: 1 addition & 1 deletion absl/base/config.h
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@
// LTS releases can be obtained from
// https://github.com/abseil/abseil-cpp/releases.
#define ABSL_LTS_RELEASE_VERSION 20240116
#define ABSL_LTS_RELEASE_PATCH_LEVEL 1
#define ABSL_LTS_RELEASE_PATCH_LEVEL 2

// Helper macro to convert a CPP variable to a string literal.
#define ABSL_INTERNAL_DO_TOKEN_STR(x) #x
Expand Down
26 changes: 22 additions & 4 deletions absl/strings/escaping.cc
Original file line number Diff line number Diff line change
Expand Up @@ -362,7 +362,7 @@ std::string CEscapeInternal(absl::string_view src, bool use_hex,
}

/* clang-format off */
constexpr unsigned char c_escaped_len[256] = {
constexpr unsigned char kCEscapedLen[256] = {
4, 4, 4, 4, 4, 4, 4, 4, 4, 2, 2, 4, 4, 2, 4, 4, // \t, \n, \r
4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
1, 1, 2, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, // ", '
Expand All @@ -387,8 +387,23 @@ constexpr unsigned char c_escaped_len[256] = {
// that UTF-8 bytes are not handled specially.
inline size_t CEscapedLength(absl::string_view src) {
size_t escaped_len = 0;
for (char c : src)
escaped_len += c_escaped_len[static_cast<unsigned char>(c)];
// The maximum value of kCEscapedLen[x] is 4, so we can escape any string of
// length size_t_max/4 without checking for overflow.
size_t unchecked_limit =
std::min<size_t>(src.size(), std::numeric_limits<size_t>::max() / 4);
size_t i = 0;
while (i < unchecked_limit) {
// Common case: No need to check for overflow.
escaped_len += kCEscapedLen[static_cast<unsigned char>(src[i++])];
}
while (i < src.size()) {
// Beyond unchecked_limit we need to check for overflow before adding.
size_t char_len = kCEscapedLen[static_cast<unsigned char>(src[i++])];
ABSL_INTERNAL_CHECK(
escaped_len <= std::numeric_limits<size_t>::max() - char_len,
"escaped_len overflow");
escaped_len += char_len;
}
return escaped_len;
}

Expand All @@ -400,12 +415,15 @@ void CEscapeAndAppendInternal(absl::string_view src, std::string* dest) {
}

size_t cur_dest_len = dest->size();
ABSL_INTERNAL_CHECK(
cur_dest_len <= std::numeric_limits<size_t>::max() - escaped_len,
"std::string size overflow");
strings_internal::STLStringResizeUninitialized(dest,
cur_dest_len + escaped_len);
char* append_ptr = &(*dest)[cur_dest_len];

for (char c : src) {
size_t char_len = c_escaped_len[static_cast<unsigned char>(c)];
size_t char_len = kCEscapedLen[static_cast<unsigned char>(c)];
if (char_len == 1) {
*append_ptr++ = c;
} else if (char_len == 2) {
Expand Down
23 changes: 11 additions & 12 deletions absl/strings/str_cat.h
Original file line number Diff line number Diff line change
Expand Up @@ -601,18 +601,17 @@ StrAppend(absl::Nonnull<String*> str, T... args) {
ptrdiff_t n; // The length of the current argument
typename String::pointer pos = &(*str)[old_size];
using SomeTrivialEmptyType = std::false_type;
// Ugly code due to the lack of C++14 fold expression makes us.
const SomeTrivialEmptyType dummy1;
for (const SomeTrivialEmptyType& dummy2 :
{(/* Comma expressions are poor man's C++17 fold expression for C++14 */
(void)(n = lengths[i]),
(void)(n < 0 ? (void)(*pos++ = '-'), (n = ~n) : 0),
(void)absl::numbers_internal::FastIntToBufferBackward(
absl::numbers_internal::UnsignedAbsoluteValue(std::move(args)),
pos += n, static_cast<uint32_t>(n)),
(void)++i, dummy1)...}) {
(void)dummy2; // Remove & migrate to fold expressions in C++17
}
const SomeTrivialEmptyType dummy;
// Ugly code due to the lack of C++17 fold expressions
const SomeTrivialEmptyType dummies[] = {
(/* Comma expressions are poor man's C++17 fold expression for C++14 */
(void)(n = lengths[i]),
(void)(n < 0 ? (void)(*pos++ = '-'), (n = ~n) : 0),
(void)absl::numbers_internal::FastIntToBufferBackward(
absl::numbers_internal::UnsignedAbsoluteValue(std::move(args)),
pos += n, static_cast<uint32_t>(n)),
(void)++i, dummy)...};
(void)dummies; // Remove & migrate to fold expressions in C++17
}

// Helper function for the future StrCat default floating-point format, %.6g
Expand Down

0 comments on commit 32f4d95

Please sign in to comment.