From 980a23a30d96f8384e0b0c1c3476162cf5222fa1 Mon Sep 17 00:00:00 2001
From: Nicole Mazzuca <mazzucan@outlook.com>
Date: Mon, 17 Jul 2023 14:49:01 -0700
Subject: [PATCH 1/3] oh no i see what happened

---
 stl/inc/xstring | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stl/inc/xstring b/stl/inc/xstring
index b034af9425..455e6ae8f1 100644
--- a/stl/inc/xstring
+++ b/stl/inc/xstring
@@ -3807,12 +3807,13 @@ public:
             // either we are shrinking, or the growth fits
             // may temporarily overflow; OK because size_type must be unsigned
             const auto _New_size = _Old_size + _Count - _Nx;
-            _ASAN_STRING_MODIFY(*this, _Old_size, _New_size);
+            _ASAN_STRING_REMOVE(*this);
             _Mypair._Myval2._Mysize = _New_size;
             _Elem* const _Old_ptr   = _Mypair._Myval2._Myptr();
             _Elem* const _Insert_at = _Old_ptr + _Off;
             _Traits::move(_Insert_at + _Count, _Insert_at + _Nx, _Old_size - _Nx - _Off + 1);
             _Traits::assign(_Insert_at, _Count, _Ch);
+            _ASAN_STRING_CREATE(*this);
             return *this;
         }
 

From e3e98eec196b7e360d54324e392e9a9d14efd9a4 Mon Sep 17 00:00:00 2001
From: Nicole Mazzuca <mazzucan@outlook.com>
Date: Mon, 17 Jul 2023 14:56:47 -0700
Subject: [PATCH 2/3] add tests

---
 .../GH_003883_replace_asan_failure/env.lst    | 57 +++++++++++++++++++
 .../GH_003883_replace_asan_failure/test.cpp   |  9 +++
 2 files changed, 66 insertions(+)
 create mode 100644 tests/std/tests/GH_003883_replace_asan_failure/env.lst
 create mode 100644 tests/std/tests/GH_003883_replace_asan_failure/test.cpp

diff --git a/tests/std/tests/GH_003883_replace_asan_failure/env.lst b/tests/std/tests/GH_003883_replace_asan_failure/env.lst
new file mode 100644
index 0000000000..f51270fc94
--- /dev/null
+++ b/tests/std/tests/GH_003883_replace_asan_failure/env.lst
@@ -0,0 +1,57 @@
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+# This test matrix is the usual test matrix, with all currently unsupported options removed, crossed with the ASan flags.
+
+# TRANSITION, google/sanitizers#328 - clang-cl does not currently support targeting /MDd or /MTd.
+RUNALL_INCLUDE ..\prefix.lst
+RUNALL_CROSSLIST
+PM_CL="/Zi /wd4611 /w14640 /Zc:threadSafeInit-" PM_LINK="/debug"
+RUNALL_CROSSLIST
+PM_CL="-fsanitize=address /BE /c /EHsc /MD /std:c++14"
+PM_CL="-fsanitize=address /BE /c /EHsc /MDd /std:c++17 /permissive-"
+PM_CL="-fsanitize=address /BE /c /EHsc /MT /std:c++20 /permissive-"
+PM_CL="-fsanitize=address /BE /c /EHsc /MTd /std:c++latest /permissive-"
+PM_CL="-fsanitize=address /EHsc /MD /std:c++14"
+PM_CL="-fsanitize=address /EHsc /MD /std:c++17"
+PM_CL="-fsanitize=address /EHsc /MD /std:c++20"
+PM_CL="-fsanitize=address /EHsc /MD /std:c++latest /permissive- /Zc:char8_t- /Zc:preprocessor"
+PM_CL="-fsanitize=address /EHsc /MD /std:c++latest /permissive- /Zc:noexceptTypes-"
+PM_CL="-fsanitize=address /EHsc /MDd /std:c++14 /fp:except /Zc:preprocessor"
+PM_CL="-fsanitize=address /EHsc /MDd /std:c++17 /permissive-"
+PM_CL="-fsanitize=address /EHsc /MDd /std:c++20 /permissive-"
+PM_CL="-fsanitize=address /EHsc /MDd /std:c++latest /permissive- /Zc:wchar_t-"
+PM_CL="-fsanitize=address /EHsc /MDd /std:c++latest /permissive-"
+PM_CL="-fsanitize=address /EHsc /MT /std:c++latest /permissive- /analyze:only /analyze:autolog-"
+PM_CL="-fsanitize=address /EHsc /MT /std:c++latest /permissive-"
+PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive"
+PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive- /analyze:only /analyze:autolog-"
+PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive- /fp:strict"
+PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive-"
+PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MD /std:c++14"
+PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MDd /std:c++17 /permissive-"
+PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MT /std:c++20 /permissive-"
+PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MTd /std:c++latest /permissive-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++14"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++14 /Zc:char8_t"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++17"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++17 /Zc:char8_t"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++20"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++latest /permissive- /Zc:char8_t- /Zc:preprocessor"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++latest /permissive- /Zc:noexceptTypes-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++14 /fp:except /Zc:preprocessor"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++17 /permissive-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++20 /permissive-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++latest /permissive- /Zc:wchar_t-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++latest /permissive-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MT /std:c++latest /permissive- /analyze:only /analyze:autolog-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MT /std:c++latest /permissive-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive- /analyze:only /analyze:autolog-"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive- /fp:strict"
+PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive-"
+# TRANSITION, clang-cl does not support /alternatename so we cannot test /D_ANNOTATE_STRING without -fsanitize=address
+PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MD /std:c++14"
+PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MD /std:c++17"
+PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MT /std:c++20 /permissive-"
+PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MT /std:c++latest /permissive- /fp:strict"
diff --git a/tests/std/tests/GH_003883_replace_asan_failure/test.cpp b/tests/std/tests/GH_003883_replace_asan_failure/test.cpp
new file mode 100644
index 0000000000..f90e4edeed
--- /dev/null
+++ b/tests/std/tests/GH_003883_replace_asan_failure/test.cpp
@@ -0,0 +1,9 @@
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+#include <string>
+
+int main() {
+    std::string t = "0123456789ABCDEF"; // large string
+    t.replace(0, 30, 7, 'A');
+}

From 08f1279916071df56ae6fa70734a958af33c4227 Mon Sep 17 00:00:00 2001
From: "Stephan T. Lavavej" <stl@nuwen.net>
Date: Mon, 17 Jul 2023 18:27:49 -0700
Subject: [PATCH 3/3] Fuse into GH_002030_asan_annotate_string, assert result.

---
 .../GH_002030_asan_annotate_string/test.cpp   |  8 +++
 .../GH_003883_replace_asan_failure/env.lst    | 57 -------------------
 .../GH_003883_replace_asan_failure/test.cpp   |  9 ---
 3 files changed, 8 insertions(+), 66 deletions(-)
 delete mode 100644 tests/std/tests/GH_003883_replace_asan_failure/env.lst
 delete mode 100644 tests/std/tests/GH_003883_replace_asan_failure/test.cpp

diff --git a/tests/std/tests/GH_002030_asan_annotate_string/test.cpp b/tests/std/tests/GH_002030_asan_annotate_string/test.cpp
index dcafe097fe..ae8fd17f33 100644
--- a/tests/std/tests/GH_002030_asan_annotate_string/test.cpp
+++ b/tests/std/tests/GH_002030_asan_annotate_string/test.cpp
@@ -1913,6 +1913,13 @@ void test_DevCom_10109507() {
     assert(s == "xyefbcd");
 }
 
+void test_gh_3883() {
+    // GH-3883 <string>: basic_string::replace fails under ASan when pos + count > size, and count2 < count
+    string t = "0123456789ABCDEF"; // large string
+    t.replace(0, 30, 7, 'A');
+    assert(t == "AAAAAAA");
+}
+
 int main() {
     run_allocator_matrix<char>();
 #ifdef __cpp_char8_t
@@ -1924,4 +1931,5 @@ int main() {
 
     test_DevCom_10116361();
     test_DevCom_10109507();
+    test_gh_3883();
 }
diff --git a/tests/std/tests/GH_003883_replace_asan_failure/env.lst b/tests/std/tests/GH_003883_replace_asan_failure/env.lst
deleted file mode 100644
index f51270fc94..0000000000
--- a/tests/std/tests/GH_003883_replace_asan_failure/env.lst
+++ /dev/null
@@ -1,57 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-
-# This test matrix is the usual test matrix, with all currently unsupported options removed, crossed with the ASan flags.
-
-# TRANSITION, google/sanitizers#328 - clang-cl does not currently support targeting /MDd or /MTd.
-RUNALL_INCLUDE ..\prefix.lst
-RUNALL_CROSSLIST
-PM_CL="/Zi /wd4611 /w14640 /Zc:threadSafeInit-" PM_LINK="/debug"
-RUNALL_CROSSLIST
-PM_CL="-fsanitize=address /BE /c /EHsc /MD /std:c++14"
-PM_CL="-fsanitize=address /BE /c /EHsc /MDd /std:c++17 /permissive-"
-PM_CL="-fsanitize=address /BE /c /EHsc /MT /std:c++20 /permissive-"
-PM_CL="-fsanitize=address /BE /c /EHsc /MTd /std:c++latest /permissive-"
-PM_CL="-fsanitize=address /EHsc /MD /std:c++14"
-PM_CL="-fsanitize=address /EHsc /MD /std:c++17"
-PM_CL="-fsanitize=address /EHsc /MD /std:c++20"
-PM_CL="-fsanitize=address /EHsc /MD /std:c++latest /permissive- /Zc:char8_t- /Zc:preprocessor"
-PM_CL="-fsanitize=address /EHsc /MD /std:c++latest /permissive- /Zc:noexceptTypes-"
-PM_CL="-fsanitize=address /EHsc /MDd /std:c++14 /fp:except /Zc:preprocessor"
-PM_CL="-fsanitize=address /EHsc /MDd /std:c++17 /permissive-"
-PM_CL="-fsanitize=address /EHsc /MDd /std:c++20 /permissive-"
-PM_CL="-fsanitize=address /EHsc /MDd /std:c++latest /permissive- /Zc:wchar_t-"
-PM_CL="-fsanitize=address /EHsc /MDd /std:c++latest /permissive-"
-PM_CL="-fsanitize=address /EHsc /MT /std:c++latest /permissive- /analyze:only /analyze:autolog-"
-PM_CL="-fsanitize=address /EHsc /MT /std:c++latest /permissive-"
-PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive"
-PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive- /analyze:only /analyze:autolog-"
-PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive- /fp:strict"
-PM_CL="-fsanitize=address /EHsc /MTd /std:c++latest /permissive-"
-PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MD /std:c++14"
-PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MDd /std:c++17 /permissive-"
-PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MT /std:c++20 /permissive-"
-PM_CL="/D_ANNOTATE_STRING /BE /c /EHsc /MTd /std:c++latest /permissive-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++14"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++14 /Zc:char8_t"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++17"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++17 /Zc:char8_t"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++20"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++latest /permissive- /Zc:char8_t- /Zc:preprocessor"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MD /std:c++latest /permissive- /Zc:noexceptTypes-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++14 /fp:except /Zc:preprocessor"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++17 /permissive-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++20 /permissive-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++latest /permissive- /Zc:wchar_t-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MDd /std:c++latest /permissive-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MT /std:c++latest /permissive- /analyze:only /analyze:autolog-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MT /std:c++latest /permissive-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive- /analyze:only /analyze:autolog-"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive- /fp:strict"
-PM_CL="/D_ANNOTATE_STRING /EHsc /MTd /std:c++latest /permissive-"
-# TRANSITION, clang-cl does not support /alternatename so we cannot test /D_ANNOTATE_STRING without -fsanitize=address
-PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MD /std:c++14"
-PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MD /std:c++17"
-PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MT /std:c++20 /permissive-"
-PM_COMPILER="clang-cl" PM_CL="-fsanitize=address -fno-ms-compatibility -fno-delayed-template-parsing -Wno-unqualified-std-cast-call /EHsc /MT /std:c++latest /permissive- /fp:strict"
diff --git a/tests/std/tests/GH_003883_replace_asan_failure/test.cpp b/tests/std/tests/GH_003883_replace_asan_failure/test.cpp
deleted file mode 100644
index f90e4edeed..0000000000
--- a/tests/std/tests/GH_003883_replace_asan_failure/test.cpp
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-
-#include <string>
-
-int main() {
-    std::string t = "0123456789ABCDEF"; // large string
-    t.replace(0, 30, 7, 'A');
-}