Return-Path: 
 <stdcxx-dev-return-5130-apmail-incubator-stdcxx-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-stdcxx-dev-archive@www.apache.org
Received: (qmail 9185 invoked from network); 20 Sep 2007 19:56:08 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 20 Sep 2007 19:56:08 -0000
Received: (qmail 8964 invoked by uid 500); 20 Sep 2007 19:56:00 -0000
Delivered-To: apmail-incubator-stdcxx-dev-archive@incubator.apache.org
Received: (qmail 8950 invoked by uid 500); 20 Sep 2007 19:56:00 -0000
Mailing-List: contact stdcxx-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:stdcxx-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:stdcxx-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:stdcxx-dev@incubator.apache.org>
List-Id: <stdcxx-dev.incubator.apache.org>
Reply-To: stdcxx-dev@incubator.apache.org
Delivered-To: mailing list stdcxx-dev@incubator.apache.org
Received: (qmail 8939 invoked by uid 99); 20 Sep 2007 19:55:59 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Sep 2007 12:55:59 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [208.30.140.160] (HELO moroha.quovadx.com) (208.30.140.160)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Sep 2007 19:55:59 +0000
Received: from qxvcexch01.ad.quovadx.com ([192.168.170.59])
	by moroha.quovadx.com (8.13.6/8.13.6) with ESMTP id l8KJsg6O002021
	for <stdcxx-dev@incubator.apache.org>; Thu, 20 Sep 2007 19:54:42 GMT
Received: from [10.70.3.113] ([10.70.3.113]) by qxvcexch01.ad.quovadx.com with
 Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 20 Sep 2007 13:55:35 -0600
Message-ID: <46F2D039.5070508@roguewave.com>
Date: Thu, 20 Sep 2007 13:55:37 -0600
From: Martin Sebor <sebor@roguewave.com>
Organization: Rogue Wave Software, Inc.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4
MIME-Version: 1.0
To: stdcxx-dev@incubator.apache.org
Subject: Re: [PATCH] Add overflow checking to basic_string append and
 push_back
References: 
 <C8506D6098A6F545BA3745D0CE359E830194EC2E@qxvcexch01.ad.quovadx.com>
In-Reply-To: 
 <C8506D6098A6F545BA3745D0CE359E830194EC2E@qxvcexch01.ad.quovadx.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 20 Sep 2007 19:55:35.0234 (UTC)
 FILETIME=[35728A20:01C7FBC0]
X-Virus-Checked: Checked by ClamAV on apache.org

Travis Vitek wrote:
> It appears that recent changes to string have accidentally removed some
> overflow checking that used to be in the basic_string::append() and
> push_back() methods. The following patch adds the checks back in.

Does this fix a test failure? Or some regression? (If the former,
which test? If the latter, we need a test case :)

In any event, adding an if to these two performance sensitive
functions looks risky from an efficiency POV (we'd definitely
need to see before and after timings to consider the patch).

The change also seems unnecessary -- when size() equals capacity()
we check that it doesn't exceed max_size() before allocating more
memory in append(). Otherwise, when size() is less than capacity()
(or rather capacity() - 1), there should be no reason to check
against max_size() because we know that capacity() must have
been below max_size() the last time we reallocated.

Martin

> 
> Travis
> 
> 
> 2007-09-20  Travis Vitek  <vitek@roguewave.com>
> 
> 	* string (append): add integer overflow check
> 	(push_back): Same
> 
> ===================================================================
> --- string	(revision 576541)
> +++ string	(working copy)
> @@ -1088,6 +1088,11 @@
>  inline void basic_string<_CharT, _Traits, _Allocator>::
>  push_back (value_type __c)
>  {
> +    _RWSTD_REQUIRES (size () <= max_size () - 1,
> +                     (_RWSTD_ERROR_LENGTH_ERROR,
> +                      _RWSTD_FUNC ("basic_string::append(value_type)"),
> +                      size (), max_size () - 1));
> +
>      const size_type __size = size () + 1;
>  
>      if (   capacity () < __size
> @@ -1095,7 +1100,6 @@
>          append (1, __c);
>      else {
>          traits_type::assign (_C_data [size ()], __c);
> -        // append the terminating NUL character
>          traits_type::assign (_C_data [__size], value_type ());
>          _C_pref ()->_C_size._C_size = __size;
>      }
> @@ -1196,6 +1200,12 @@
>  basic_string<_CharT, _Traits, _Allocator>::
>  append (const_pointer __s, size_type __n)
>  {
> +    _RWSTD_REQUIRES (size () <= max_size () - __n,
> +                     (_RWSTD_ERROR_LENGTH_ERROR,
> +                      _RWSTD_FUNC
> ("basic_string::append(const_pointer,"
> +                                   " size_type)"),
> +                      size (), max_size () - __n));
> +
>      const size_type __newsize = size () + __n;
>  
>      if (   capacity () <= __newsize