incubator-stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Sebor <se...@roguewave.com>
Subject Re: rw_match can address to memory after end of string buffer
Date Tue, 04 Jul 2006 23:06:38 GMT
Farid Zaripov wrote:
>   I found that the rw_match function can address to the memory after the 
> end of the string buffer.
> 
>   It calls __rw_get_char to get the last character and this function 
> reads a character after the end of the string buffer:
> 
> char.cpp line 534:
>     if ('<' == char (ch) && 'U' == src [0] && isxdigit (src [1]))
{
> 
> char.cpp line 548:
>     if ('@' == src [0] && isdigit (src [1])) {
> 
>   src [0] - is the place of the fail.

Hmm, that does look like a subtle bug in rw_match(). Let me look
into how best to fix it.

> 
>   I attached the test to illustrate this problem, but it will work on 
> MSVC/Windows platform only (used MSVC specific keywords).

Cool! This type of a test would be useful in general (AFAIK, this
idea is behind Electric Fence). How about abstracting this into a
function that would let do the same thing in a portable way?

Martin

Mime
View raw message