Menu
▾
▴
[ loki-lib-Bugs-1515809 ] loki-lib 0.1.5 SafeFormat.h write bug
|
From: SourceForge.net <no...@so...> - 2006-07-03 10:02:10
|
Bugs item #1515809, was opened at 2006-07-02 12:53 Message generated for change (Comment added) made by syntheticpp You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=396644&aid=1515809&group_id=29557 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Accepted Priority: 5 Submitted By: Nobody/Anonymous (nobody) >Assigned to: Peter Kuemmel (syntheticpp) Summary: loki-lib 0.1.5 SafeFormat.h write bug Initial Comment: I'm very sorry that my English is poor, but I really want to explain it exactly. In the template write function which is annotated as "Write to a fixed-size buffer", there is a bug. the snippets codes is as follow: if (from + s.second > to) throw std::overflow_error (""); I think it should be like this: if (s.second < to - from) throw std::overflow_error (""); My demo codes is as follow: #include <utility> #include <string> #include <cassert> template <class Char> void write(std::pair<Char*, std::size_t>& s, const Char* from, const Char* to) { assert(from <= to); if (from + s.second > to) throw std::overflow_error(""); s.first = std::copy(from, to, s.first); s.second -= to - from; } int main() { char ch[20]; std::size_t n = 20; std::pair<char*, std::size_t> p( ch, n ); std::string s( "1234567890" ); write( p, &*s.begin(), &*(--s.end()) ); return 0; } ---------------------------------------------------------------------- >Comment By: Peter Kuemmel (syntheticpp) Date: 2006-07-03 12:02 Message: Logged In: YES user_id=1159765 I've no problem understanding your English, I'm also not a nativ speaker. And aes, you are right, seems this is a bug. The logic should be: Throw an exception when 'to' is beyond 'from' plus the size of the buffer, because then the string does not fit into the buffer. I've fixed it. Many thanks, Peter Index: SafeFormat.h =================================================================== RCS file: /cvsroot/loki-lib/loki/include/loki/SafeFormat.h,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- SafeFormat.h 28 Jun 2006 08:04:21 -0000 1.26 +++ SafeFormat.h 3 Jul 2006 09:55:19 -0000 1.27 @@ -61,8 +61,11 @@ template <class Char> void write(std::pair<Char*, std::size_t>& s, const Char* from, const Char* to) { assert(from <= to); - if (from + s.second > to) throw std::overflow_error(""); - s.first = copy(from, to, s.first); + if(from + s.second < to) + throw std::overflow_error(""); + // s.first: position one past the final copied element + s.first = std::copy(from, to, s.first); + // remaining buffer size s.second -= to - from; } @@ -573,6 +576,9 @@ #endif //SAFEFORMAT_H_ // $Log$ +// Revision 1.27 2006/07/03 09:55:19 syntheticpp +// fix wrong buffer size check +// // Revision 1.26 2006/06/28 08:04:21 syntheticpp // use standard conforming naming, SUN's compiler needs it // ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=396644&aid=1515809&group_id=29557 |