stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Farid Zaripov <Far...@kyiv.vdiweb.com>
Subject rw_match can address to memory after end of string buffer
Date Tue, 04 Jul 2006 16:20:44 GMT
   I found that the rw_match function can address to the memory after 
the end of the string buffer.

   It calls __rw_get_char to get the last character and this function 
reads a character after the end of the string buffer:

char.cpp line 534:
     if ('<' == char (ch) && 'U' == src [0] && isxdigit (src [1])) {

char.cpp line 548:
     if ('@' == src [0] && isdigit (src [1])) { 


   src [0] - is the place of the fail.

   I attached the test to illustrate this problem, but it will work on 
MSVC/Windows platform only (used MSVC specific keywords).

Farid.

Mime
View raw message