From 3a34cf68d1c8a511ca68d53cde3cfd7b5bd1ef26 Mon Sep 17 00:00:00 2001
From: Advenam Tacet <advenam.tacet@trailofbits.com>
Date: Wed, 24 Jan 2024 14:49:12 +0100
Subject: [PATCH 1/3] [ASan][libc++] Correct (explicit) annotation size

A quick examination suggests that the current code in the codebase does not lead to incorrect annotation.
However, the intention is for the object after the function to be annotated in a way that only its contents are unpoisoned and the rest is poisoned.
This commit makes it explicit and avoids potential issues in future.

In addition, I have implemented a few tests for a function that helped me identify the specific argument value.
---
 libcxx/include/string                                       | 2 +-
 .../string.modifiers/string_append/pointer_size.pass.cpp    | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libcxx/include/string b/libcxx/include/string
index e97139206d4fa..e69da6e61d11b 100644
--- a/libcxx/include/string
+++ b/libcxx/include/string
@@ -2385,7 +2385,7 @@ _LIBCPP_CONSTEXPR_SINCE_CXX20 void basic_string<_CharT, _Traits, _Allocator>::__
   __old_sz = __n_copy + __n_add + __sec_cp_sz;
   __set_long_size(__old_sz);
   traits_type::assign(__p[__old_sz], value_type());
-  __annotate_new(__old_cap + __delta_cap);
+  __annotate_new(__old_sz);
 }
 
 // __grow_by is deprecated because it does not set the size. It may not update the size when the size is changed, and it
diff --git a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
index 93e7500a11967..6eac4082fba02 100644
--- a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
+++ b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
@@ -36,6 +36,7 @@ TEST_CONSTEXPR_CXX20 void test_string() {
   test(S(), "12345678901234567890", 1, S("1"));
   test(S(), "12345678901234567890", 3, S("123"));
   test(S(), "12345678901234567890", 20, S("12345678901234567890"));
+  test(S(), "1234567890123456789012345678901234567890", 40, S("1234567890123456789012345678901234567890"));
 
   test(S("12345"), "", 0, S("12345"));
   test(S("12345"), "12345", 5, S("1234512345"));
@@ -44,6 +45,11 @@ TEST_CONSTEXPR_CXX20 void test_string() {
   test(S("12345678901234567890"), "", 0, S("12345678901234567890"));
   test(S("12345678901234567890"), "12345", 5, S("1234567890123456789012345"));
   test(S("12345678901234567890"), "12345678901234567890", 20, S("1234567890123456789012345678901234567890"));
+
+  // Starting from long string (no SSO)
+  test(S("1234567890123456789012345678901234567890"), "", 0, S("1234567890123456789012345678901234567890"));
+  test(S("1234567890123456789012345678901234567890"), "a", 1, S("1234567890123456789012345678901234567890a"));
+  test(S("1234567890123456789012345678901234567890"), "aaaaaaaaaa", 10, S("1234567890123456789012345678901234567890aaaaaaaaaa"));
 }
 
 TEST_CONSTEXPR_CXX20 bool test() {

From 6093b7a9ba725cf3e4ed236b813a2de24345653e Mon Sep 17 00:00:00 2001
From: Advenam Tacet <advenam.tacet@trailofbits.com>
Date: Wed, 24 Jan 2024 15:15:22 +0100
Subject: [PATCH 2/3] clang-format

---
 .../string.modifiers/string_append/pointer_size.pass.cpp     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
index 6eac4082fba02..514c8c9e679d2 100644
--- a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
+++ b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
@@ -49,7 +49,10 @@ TEST_CONSTEXPR_CXX20 void test_string() {
   // Starting from long string (no SSO)
   test(S("1234567890123456789012345678901234567890"), "", 0, S("1234567890123456789012345678901234567890"));
   test(S("1234567890123456789012345678901234567890"), "a", 1, S("1234567890123456789012345678901234567890a"));
-  test(S("1234567890123456789012345678901234567890"), "aaaaaaaaaa", 10, S("1234567890123456789012345678901234567890aaaaaaaaaa"));
+  test(S("1234567890123456789012345678901234567890"),
+       "aaaaaaaaaa",
+       10,
+       S("1234567890123456789012345678901234567890aaaaaaaaaa"));
 }
 
 TEST_CONSTEXPR_CXX20 bool test() {

From cea35a3565643b6912ebd6d5ac55c01f00ae4269 Mon Sep 17 00:00:00 2001
From: Advenam Tacet <advenam.tacet@trailofbits.com>
Date: Thu, 25 Jan 2024 17:40:41 +0100
Subject: [PATCH 3/3] additional test case

---
 .../string.modifiers/string_append/pointer_size.pass.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
index 514c8c9e679d2..41d4f1114c05b 100644
--- a/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
+++ b/libcxx/test/std/strings/basic.string/string.modifiers/string_append/pointer_size.pass.cpp
@@ -53,6 +53,15 @@ TEST_CONSTEXPR_CXX20 void test_string() {
        "aaaaaaaaaa",
        10,
        S("1234567890123456789012345678901234567890aaaaaaaaaa"));
+  test(S("1234567890123456789012345678901234567890"),
+       "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+       "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+       "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+       300,
+       S("1234567890123456789012345678901234567890aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+         "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+         "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+         "aaaaaaaaaaaaa"));
 }
 
 TEST_CONSTEXPR_CXX20 bool test() {