stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Sebor <se...@roguewave.com>
Subject Re: 21.string.replace length_error (win32, msvc-7.1)
Date Wed, 26 Apr 2006 01:05:11 GMT
Anton Pevtsov wrote:
> The following code fails with access violation (segmentation fault on
> Linux) error on Win32, MSVC-7.1 (Suse Linux, gcc 4.0.2)

Strictly speaking, the behavior of this program is undefined
since this overload of replace is specified to return

     s.replace (0, 1, string ("a", s.max_size() + 1))

and the expression string ("a", s.max_size() + 1) has undefined
semantics due to the array "a" having fewer than the number of
elements specified by the second argument.

But from a QoI standpoint, since we don't actually invoke the
ctor to create the temporary string from the array, we could
detect and avoid the (potential) undefined behavior and throw
the appropriate exception instead.

Could you open a Jira issue and reference this thread in the
archive in it?

Thanks
Martin

> 
> #include <iostream>
> #include <string>
> #include <stdexcept>
> 
> static char long_string [4096] = {'a'};
> 
> int main (void)
> {
>     try 
>     {
>         std::string s (long_string, 4095);
>         s.replace (0, 1, "a", s.max_size () + 1);
> 
>         std::cout << "Expect length error, got nothing" << '\n';
>     }
>     catch (std::length_error& e)
>     {
>         std::cout << "Got expected length error" << '\n';
>     }
> 
>     return 0;
> }
> 
> 
> I suspect a bug in replace implementation, string.cc line 327:
> The check 
> 
> __size0 - __xlen <= max_size () - __n2
> 
> is not enough in this case.
> 
> 
> Could you take a look when you have a chance, please?
> 
> 
> Thanks,
> Anton Pevtsov


Mime
View raw message