id summary reporter owner description type status milestone component version severity resolution keywords cc 13111 Out-of-bounds access for asio consuming buffers ben@… chris_kohlhoff " I have not seen a fix for this on GitHub in the latest version: https://github.com/boostorg/asio/blob/develop/include/boost/asio/detail/consuming_buffers.hpp The issue was found by a Coverity scan. All calls to buffers_.end() are being flagged as out-of-bounds accesses (checker ARRAY_VS_SINGLETON), so there is potential for memory corruption here. Coverity is flagging these as High impact. Note: in the excerpts below, the value returned by buffers_.end() is only compared with begin_remainder_ or passed to the const_iterator constructor, so whether the finding is a real defect depends on how end() is implemented for the type of buffers_, which the output does not show. Coverity output is below: {{{ 207  // Get a forward-only iterator to the first element. 208  const_iterator begin() const 209  {     1. address_of: Taking address with this->buffers_ yields a singleton pointer.     CID 336466: Out-of-bounds access (ARRAY_VS_SINGLETON) 2. callee_ptr_arith: Passing this->buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 210    return const_iterator(at_end_, first_, 211        begin_remainder_, buffers_.end(), max_size_); 212  } 213 … 226  // Consume the specified number of bytes from the buffers. 227  void consume(std::size_t size) 228  { 229    // Remove buffers from the start until the specified size is reached.     1. Condition size > 0, taking true branch.     2. Condition !this->at_end_, taking true branch. 230    while (size > 0 && !at_end_) 231    {     3. Condition boost::asio::buffer_size(this->first_) <= size, taking true branch. 232      if (buffer_size(first_) <= size) 233      { 234        size -= buffer_size(first_);     4. address_of: Taking address with this->buffers_ yields a singleton pointer.     CID 336464: Out-of-bounds access (ARRAY_VS_SINGLETON) 5. callee_ptr_arith: Passing this->buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 
235        if (begin_remainder_ == buffers_.end()) 236          at_end_ = true; 237        else 238          first_ = *begin_remainder_++; 239      } 240      else 241      { 242        first_ = first_ + size; 243        size = 0; 244      } 245    } … 247    // Remove any more empty buffers at the start.     12. Condition !this->at_end_, taking true branch.     13. Condition boost::asio::buffer_size(this->first_) == 0, taking true branch. 248    while (!at_end_ && buffer_size(first_) == 0) 249    {     14. address_of: Taking address with this->buffers_ yields a singleton pointer.     CID 336464: Out-of-bounds access (ARRAY_VS_SINGLETON) 15. callee_ptr_arith: Passing this->buffers_ to function end which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 250      if (begin_remainder_ == buffers_.end()) 251        at_end_ = true; 252      else 253        first_ = *begin_remainder_++; 254    } 255  } … }}} " Bugs new To Be Determined asio Boost 1.66.0 Problem