Boost C++ Libraries: Ticket #13111: Out-of-bounds access for asio consuming buffers
https://svn.boost.org/trac10/ticket/13111

<p> I have not seen a fix for this in GitHub for the latest version. </p>
<p> <a class="ext-link" href="https://github.com/boostorg/asio/blob/develop/include/boost/asio/detail/consuming_buffers.hpp">https://github.com/boostorg/asio/blob/develop/include/boost/asio/detail/consuming_buffers.hpp</a> </p>
<p> The issue was found by a Coverity scan. All calls to buffers_.end() are being flagged as out-of-bounds access; there is potential for memory corruption here. Coverity is flagging these as High Impacting. </p>
<p> Coverity output is below: </p>
<pre class="wiki">
207  // Get a forward-only iterator to the first element.
208  const_iterator begin() const
209  {
    1. address_of: Taking address with this-&gt;buffers_ yields a singleton pointer.
    CID 336466: Out-of-bounds access (ARRAY_VS_SINGLETON)
    2. callee_ptr_arith: Passing this-&gt;buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
210    return const_iterator(at_end_, first_,
211        begin_remainder_, buffers_.end(), max_size_);
212  }
213
…
226  // Consume the specified number of bytes from the buffers.
227  void consume(std::size_t size)
228  {
229    // Remove buffers from the start until the specified size is reached.
    1. Condition size &gt; 0, taking true branch.
    2. Condition !this-&gt;at_end_, taking true branch.
230    while (size &gt; 0 &amp;&amp; !at_end_)
231    {
    3. Condition boost::asio::buffer_size(this-&gt;first_) &lt;= size, taking true branch.
232      if (buffer_size(first_) &lt;= size)
233      {
234        size -= buffer_size(first_);
    4. address_of: Taking address with this-&gt;buffers_ yields a singleton pointer.
    CID 336464: Out-of-bounds access (ARRAY_VS_SINGLETON)
    5. callee_ptr_arith: Passing this-&gt;buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
235        if (begin_remainder_ == buffers_.end())
236          at_end_ = true;
237        else
238          first_ = *begin_remainder_++;
239      }
240      else
241      {
242        first_ = first_ + size;
243        size = 0;
244      }
245    }
…
247    // Remove any more empty buffers at the start.
    12. Condition !this-&gt;at_end_, taking true branch.
    13. Condition boost::asio::buffer_size(this-&gt;first_) == 0, taking true branch.
248    while (!at_end_ &amp;&amp; buffer_size(first_) == 0)
249    {
    14. address_of: Taking address with this-&gt;buffers_ yields a singleton pointer.
    CID 336464: Out-of-bounds access (ARRAY_VS_SINGLETON)
    15. callee_ptr_arith: Passing this-&gt;buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
250      if (begin_remainder_ == buffers_.end())
251        at_end_ = true;
252      else
253        first_ = *begin_remainder_++;
254    }
255  }
…
</pre>