Boost C++ Libraries: Ticket #1481: transform_width may cause buffer overruns https://svn.boost.org/trac10/ticket/1481 <p> When using boost::archive::iterators::transform_width iterator for e.g. base64 encoding, and number of input bits does not fit into an integer number of output bits, the iterator dereferences an element beyond the last available. </p> <p> Consider this piece of code: </p> <pre class="wiki">typedef std::vector&lt;unsigned char&gt; bytes; bytes b; b.push_back(1); typedef base64_from_binary&lt; transform_width&lt; bytes::const_iterator, 6, sizeof(bytes::value_type) * 8, char&gt; &gt; base64; std::stringstream o; std::copy(base64(b.begin()), base64(b.end()), std::ostream_iterator&lt;char&gt;(o)); </pre><p> Provided vector::const_iterator implementation does checks against dereferencing an invalid iterator (e.g. vc8 stl), the above code will assert, because of an attempt to read the second (non-existant) element from the vector </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/1481 Trac 1.4.3 Marshall Clow Wed, 28 Nov 2007 16:05:33 GMT component changed; owner set https://svn.boost.org/trac10/ticket/1481#comment:1 https://svn.boost.org/trac10/ticket/1481#comment:1 <ul> <li><strong>owner</strong> set to <span class="trac-author">Robert Ramey</span> </li> <li><strong>component</strong> <span class="trac-field-old">None</span> → <span class="trac-field-new">serialization</span> </li> </ul> Ticket Robert Ramey Fri, 30 Nov 2007 06:34:25 GMT status changed; resolution set https://svn.boost.org/trac10/ticket/1481#comment:2 https://svn.boost.org/trac10/ticket/1481#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">wontfix</span> </li> </ul> <p> The only way I could figure out to avoid this is not to do it. </p> <p> That is when I have this situation I can't use the end() iterator. The serialization library avoids doing this so it never has a problem. That is it counts the iterations so it never comes up. I tried but couldn't find a better way. </p> <p> Robet Ramey </p> Ticket kostic Fri, 30 Nov 2007 12:27:34 GMT status changed; resolution deleted https://svn.boost.org/trac10/ticket/1481#comment:3 https://svn.boost.org/trac10/ticket/1481#comment:3 <ul> <li><strong>status</strong> <span class="trac-field-old">closed</span> → <span class="trac-field-new">reopened</span> </li> <li><strong>resolution</strong> <span class="trac-field-deleted">wontfix</span> </li> </ul> <p> Yes, I realise this. However, there's a simple solution, albeit it changes the interface. The solution is for transform_width to take a pair of iterators (begin and end), not one, so that it knows exactly when to stop and not go over the end. </p> <p> I have seen a lot of people using transform_width for base64 encoding with std::copy, which with current implementation is what one should not do. Well, it should either not compile at all or should work as expected (in the most intuitive way) </p> <p> Thanks for a quick response by the way </p> Ticket Robert Ramey Fri, 30 Nov 2007 17:26:00 GMT status changed; resolution set https://svn.boost.org/trac10/ticket/1481#comment:4 https://svn.boost.org/trac10/ticket/1481#comment:4 <ul> <li><strong>status</strong> <span class="trac-field-old">reopened</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">wontfix</span> </li> </ul> <p> lol the quick response is just luck. I'm now trying to address all my trac tickets. </p> <p> I crafted the interface "dataflow iterators" so that I could compose the iterators at compile time in an "natural" way. I was and am exceedingly pleased with the result - except for the transform with iterator. I couldn't figure out a way - I don't think there is one, to determine how many characters there is in the output, so I had to count the input ones (or is it vice-versa). There is an alternative in range iterators, but I didn't like the syntax and the requirement that one specifies the end "too" soon. </p> <p> I would be very suprised to find anyone using "dataflow iterators" at all. I love this concept and would like to see it used more for tuples - (hmm maybe that's what fusion is/does), but it doesn't seem that anyone else warms up to it. oh well. </p> <p> I'll look into making std::copy fail at compile time. If you're interested, feeel free to send me a suggested patch. In the mean time, please don't reopen this ticket. I'm trying to get them cleared and I can't shovel against the tide. </p> <p> Robert Ramey </p> <p> Robert Ramey </p> Ticket anonymous Mon, 03 Dec 2007 11:00:51 GMT <link>https://svn.boost.org/trac10/ticket/1481#comment:5 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/1481#comment:5</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/1481#comment:4" title="Comment 4">ramey</a>: </p> <blockquote class="citation"> <p> I'll look into making std::copy fail at compile time. If you're interested, feeel free to send me a suggested patch. In the mean time, please don't reopen this ticket. I'm trying to get them cleared and I can't shovel against the tide. </p> </blockquote> <p> Well, you could put a static assert in "equal" method to stop it being ever used with this iterator. This makes sense as comparing these iterators is inherently unsafe (as it allows comparing with end) </p> </description> <category>Ticket</category> </item> <item> <dc:creator>kostic</dc:creator> <pubDate>Tue, 04 Dec 2007 13:06:22 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/1481#comment:6 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/1481#comment:6</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/1481#comment:5" title="Comment 5">anonymous</a>: </p> <blockquote class="citation"> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/1481#comment:4" title="Comment 4">ramey</a>: </p> <blockquote class="citation"> <p> I'll look into making std::copy fail at compile time. If you're interested, feeel free to send me a suggested patch. In the mean time, please don't reopen this ticket. I'm trying to get them cleared and I can't shovel against the tide. </p> </blockquote> <p> Well, you could put a static assert in "equal" method to stop it being ever used with this iterator. This makes sense as comparing these iterators is inherently unsafe (as it allows comparing with end) </p> </blockquote> <p> Also, as to people using dataflow iterators, this page promotes the exact usage you say should be avoided: <a href="http://www.boost.org/libs/serialization/doc/dataflow.html">http://www.boost.org/libs/serialization/doc/dataflow.html</a> </p> <p> Konstantin Begun </p> </description> <category>Ticket</category> </item> <item> <dc:creator>smfr at smfr.org</dc:creator> <pubDate>Sat, 25 Oct 2008 17:47:12 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/1481#comment:7 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/1481#comment:7</guid> <description> <p> Hi Robert In this mail: &lt;<a class="ext-link" href="http://lists.boost.org/boost-users/2008/09/40207.php"><span class="icon">​</span>http://lists.boost.org/boost-users/2008/09/40207.php</a>&gt; you said you'd address this problem. Are we likely to see a fix in Boost 1.37? It's still blocking me from relying on XML serialization. </p> </description> <category>Ticket</category> </item> </channel> </rss>