Fast and exact implementation of the C++ from_chars functions for number types: 4x to 10x faster than strtod, part of GCC 12, Chromium, Redis and WebKit/Safari
When using fast_float::from_chars for an integer type, address sanitizer detects a heap buffer overflow when the string being parsed is "0". It does not seem to occur for a string of "1" or other values I've tried. (It looks like it's in "skip past leading 0's" code.)
#include "fast_float/fast_float.h"
#include <vector>
int main() {
  // Note: using vector to force exact heap allocation (no trailing NUL after the '0')
  std::vector<char> s = {'0'};
  int foo;
  fast_float::from_chars(s.data(), s.data() + s.size(), foo);
}
Gives:
==731531==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000013951 at pc 0x5ce60f39ba08 bp 0x7ffc5ff31c30 sp 0x7ffc5ff31c20
READ of size 1 at 0x602000013951 thread T0
#0 0x5ce60f39ba07 in fast_float::from_chars_result_t<char> fast_float::parse_int_string<int, char>(char const*, char const*, int&, int) /include/fast_float/ascii_number.h:466
#1 0x5ce60f39ba07 in fast_float::from_chars_result_t<char> fast_float::from_chars<int, char, int>(char const*, char const*, int&, int) /include/fast_float/parse_number.h:250
#2 0x5ce60f39ba07 in main
0x602000013951 is located 0 bytes to the right of 1-byte region [0x602000013950,0x602000013951)
allocated by thread T0 here:
#0 0x73c0c8eb61e7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
#1 0x5ce60f39b434 in __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) /usr/include/c++/11/ext/new_allocator.h:127
#2 0x5ce60f39b434 in std::allocator_traits<std::allocator<char> >::allocate(std::allocator<char>&, unsigned long) /usr/include/c++/11/bits/alloc_traits.h:464
#3 0x5ce60f39b434 in std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned long) /usr/include/c++/11/bits/stl_vector.h:346
#4 0x5ce60f39b434 in void std::vector<char, std::allocator<char> >::_M_range_initialize<char const*>(char const*, char const*, std::forward_iterator_tag) /usr/include/c++/11/bits/stl_vector.h:1582
#5 0x5ce60f39b434 in std::vector<char, std::allocator<char> >::vector(std::initializer_list<char>, std::allocator<char> const&) /usr/include/c++/11/bits/stl_vector.h:629
#6 0x5ce60f39b434 in main
fast_float 6.0.0 / gcc 11.4 / Ubuntu 22.04
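The bug class behind the report above, as an added example that is not fast_float's code: a hypothetical leading-zero skip that dereferences the byte before checking the range, beside the bounded form, which a small decimal parser then uses over the same 1-byte non-NUL-terminated vector. The function names and the parser are assumptions for illustration.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical unbounded skip: the pattern the ASan report points at. Given a
// 1-byte heap buffer holding "0", the loop dereferences p == end, one byte past
// the allocation, because it tests *p before checking p against end.
const char* skip_leading_zeros_unbounded(const char* p, const char* /*end*/) {
  while (*p == '0') { ++p; }  // no range check: reads past a buffer of all zeros
  return p;
}

// Hardened version: check the range before every dereference.
const char* skip_leading_zeros_bounded(const char* p, const char* end) {
  while (p != end && *p == '0') { ++p; }
  return p;
}

struct parse_result { bool ok; int value; std::size_t consumed; };

// Minimal decimal int parser over a non-NUL-terminated buffer, built on the
// bounded skip. "0" alone is valid: zero skipped, no more digits, value 0.
parse_result parse_int_bounded(const std::vector<char>& buf) {
  const char* begin = buf.data();
  const char* end = begin + buf.size();
  const char* p = skip_leading_zeros_bounded(begin, end);
  std::int64_t v = 0;
  while (p != end && *p >= '0' && *p <= '9') {
    v = v * 10 + (*p - '0');
    if (v > INT_MAX) return {false, 0, 0};  // overflow: reject instead of wrapping
    ++p;
  }
  if (p == begin) return {false, 0, 0};  // empty input or no digits at all
  return {true, static_cast<int>(v), static_cast<std::size_t>(p - begin)};
}

int main() {
  std::vector<char> s = {'0'};  // the same 1-byte heap buffer as in the report
  parse_result r = parse_int_bounded(s);
  return (r.ok && r.value == 0 && r.consumed == 1) ? 0 : 1;
}
```

Built with -fsanitize=address, only the unbounded variant trips on a buffer that is all zeros; the bounded variant stops exactly at end.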