From: "Travis Vitek"
Mailing list: stdcxx-dev@incubator.apache.org
Date: Thu, 20 Sep 2007 16:58:58 -0600
Subject: RE: [PATCH] Add overflow checking to basic_string append and push_back
In-Reply-To: <46F2F6B8.4060304@roguewave.com>
References: <46F2D039.5070508@roguewave.com> <46F2F6B8.4060304@roguewave.com>

Martin Sebor wrote:
>
>Travis Vitek wrote:
>>
>> If that is the case, then why would we possibly need this
>> same code in any of the other methods that are used to extend
>> the original string?
>
>I don't think we do, really. I suspect the main reason why the
>code is in all other (out-of-line) modifiers is so we can throw
>the exception from function that is called directly by program
>rather than from the one that happens to be called from it to
>do the real work (all roads lead to replace()).
>

The problem I see is this...

    // if you do this calculation without checking for overflow
    // you may be surprised when __size becomes smaller than
    // capacity. [240 + 20 = 6]
    //
    const size_type __size = size () + __n;

    // if we get here and capacity () is 240, but __size is 6
    // replace() won't be called.
    if (   capacity () <= __size
        || size_type (1) < size_type (_C_pref ()->_C_get_ref ()))
        return replace (size (), size_type (), __s, __n);

    // and we will copy past the end of _C_data
    traits_type::copy (_C_data + size (), __s, __n);

    // then throw a null terminator down
    traits_type::assign (_C_data [__size], value_type ());

    // and record the wrong size
    _C_pref ()->_C_size._C_size = __size;

With the default std::string/wstring, there isn't really a problem
because the allocator fails before size_type will overflow, but that
doesn't mean it isn't a problem.

Travis

>
>I think the test case has some problems but I just saw your
>update so I'll follow up on it there.
>
>Martin
>
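The wrap-around Travis describes, as an added example that is not stdcxx code and not part of the thread. ToyString, unchecked_in_place, append_checked and checked_append_result are hypothetical names; size_type is deliberately std::uint8_t so that size() + n wraps at 256 and the bad branch can be observed without allocating gigabytes. unchecked_in_place() reproduces only the capacity test of the quoted append() (the reference-count part is omitted) and reports whether the in-place copy would be taken; append_checked() shows the check that has to come first: compare n against max_size() - size() before any addition, and throw std::length_error, which is what the standard requires of basic_string when max_size() would be exceeded.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical minimal string (not stdcxx's basic_string). size_type is
// deliberately 8 bits so that size() + n wraps at 256 instead of 2^64.
class ToyString {
public:
    typedef std::uint8_t size_type;

    // capacity() counts characters excluding the terminator; the buffer
    // always holds capacity() + 1 bytes.
    explicit ToyString(size_type cap)
        : buf_(new char[cap + 1u]), cap_(cap), size_(0) { buf_[0] = '\0'; }
    ~ToyString() { delete[] buf_; }
    ToyString(const ToyString&) = delete;
    ToyString& operator=(const ToyString&) = delete;

    size_type size() const { return size_; }
    size_type capacity() const { return cap_; }
    static size_type max_size() { return size_type(~size_type(0)); }  // 255
    const char* c_str() const { return buf_; }

    // The decision the quoted append() makes: compute size() + n in
    // size_type and copy in place unless capacity() <= __size.
    // Returns true when the in-place copy would be taken; with a wrapped
    // __size that is the path that writes past the end of the buffer.
    static bool unchecked_in_place(size_type size, size_type cap, size_type n) {
        const size_type new_size = static_cast<size_type>(size + n);  // may wrap
        return !(cap <= new_size);
    }

    // Hardened append: reject n before doing any size arithmetic, so the
    // new size can never wrap.
    void append_checked(const char* s, size_type n) {
        if (n > static_cast<size_type>(max_size() - size_))
            throw std::length_error("ToyString::append: size overflow");
        const size_type new_size = static_cast<size_type>(size_ + n);  // cannot wrap now
        if (new_size > cap_)
            grow(new_size);
        std::memcpy(buf_ + size_, s, n);
        size_ = new_size;
        buf_[size_] = '\0';
    }

private:
    // Grow to at least `need` characters; arithmetic is done in unsigned
    // int so doubling cannot wrap, and clamped to max_size().
    void grow(size_type need) {
        unsigned want = 2u * cap_;
        if (want < need) want = need;
        if (want > max_size()) want = max_size();
        char* nb = new char[want + 1u];
        std::memcpy(nb, buf_, size_ + 1u);  // including the terminator
        delete[] buf_;
        buf_ = nb;
        cap_ = static_cast<size_type>(want);
    }

    char* buf_;
    size_type cap_;
    size_type size_;
};

// Start with `initial` bytes, then append n more through append_checked.
// Returns the resulting size, or -1 if the append was refused.
int checked_append_result(std::uint8_t initial, std::uint8_t n) {
    ToyString s(16);
    const std::string filler(initial, 'a');   // constructed input
    s.append_checked(filler.data(), initial);
    const std::string extra(n, 'b');          // constructed input
    try {
        s.append_checked(extra.data(), n);
    } catch (const std::length_error&) {
        return -1;
    }
    return s.size();
}

int main() {
    std::cout << "unchecked test takes in-place path for 240 + 20 in a 240-byte buffer: "
              << ToyString::unchecked_in_place(240, 240, 20) << '\n';
    std::cout << "checked append 240 + 20 -> " << checked_append_result(240, 20) << '\n';
    std::cout << "checked append 240 + 15 -> " << checked_append_result(240, 15) << '\n';
    return 0;
}
```

With an 8-bit size_type, 240 + 20 wraps to 4, so the quoted comparison sees a "size" far below capacity and keeps the in-place copy, exactly the path Travis traces. The hardened version never forms the wrapped sum: `n > max_size() - size()` is evaluated on values that are both in range, so it is the only check that cannot itself overflow. The same ordering applies when size_type is std::size_t; the allocator happening to fail first on a real platform is an accident of the platform, not a property of the code.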