Opened 14 years ago
Closed 14 years ago
#2685 closed Bugs (wontfix)
[serialization][variant] Deserializing 'which' should check for values less than 0
| Reported by: | | Owned by: | Robert Ramey |
|---|---|---|---|
| Milestone: | Boost 1.38.0 | Component: | serialization |
| Version: | Boost 1.37.0 | Severity: | Problem |
| Keywords: | | Cc: | |
Description
In <boost/serialization/variant.hpp>:
```cpp
template<class Archive, BOOST_VARIANT_ENUM_PARAMS(/* typename */ class T)>
void load(
    Archive & ar,
    boost::variant<BOOST_VARIANT_ENUM_PARAMS(T)>& v,
    unsigned int version
){
    int which;
    typedef BOOST_DEDUCED_TYPENAME boost::variant<BOOST_VARIANT_ENUM_PARAMS(T)>::types types;
    ar >> BOOST_SERIALIZATION_NVP(which);
    if(which >= mpl::size<types>::value)
        // this might happen if a type was removed from the list of variant types
        boost::serialization::throw_exception(
            boost::archive::archive_exception(
                boost::archive::archive_exception::unsupported_version
            )
        );
    //...
```
Since 'which' is an int, there should be a check and an exception thrown if which < 0.

How could 'which' ever be less than zero? If this were to occur, there is a fundamental programmer error from which no recovery is possible.
Maybe an assert would be appropriate - but throwing an exception would not be.
In fact, this makes me question the usage of throwing an exception in the current code. This means that the programmer has removed a type from the variant which is still used in some archives. At this point, one cannot expect to be able to load old archives.
Robert Ramey
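
The range check this ticket asks for, as an added example that is not Boost's code or part of the ticket: a stand-alone model comparing the quoted upper-bound-only condition with one that also rejects a negative index read from the archive. `Value`, `kTypeCount`, `load_value`, `loads` and the text format are assumptions made for the illustration, and it reports the failure with an exception as the quoted check does.

```cpp
// Added example: stand-alone model of the ticket's check, not Boost code.
#include <sstream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a two-alternative variant<int, std::string>.
struct Value { int which; int i; std::string s; };

static const int kTypeCount = 2;  // plays the role of mpl::size<types>::value

// The condition quoted in the ticket: only the upper bound is tested.
bool upper_bound_only_rejects(int which) {
    return which >= kTypeCount;
}

// Both bounds tested before the index is used to select a loader.
bool full_range_rejects(int which) {
    return which < 0 || which >= kTypeCount;
}

// Reads "<which> <payload>" from a constructed text format and refuses
// any index that does not name one of the alternatives.
Value load_value(std::istream& in) {
    Value v = Value();
    if (!(in >> v.which))
        throw std::runtime_error("truncated archive");
    if (full_range_rejects(v.which))
        throw std::runtime_error("variant index out of range");
    bool ok = (v.which == 0) ? static_cast<bool>(in >> v.i)
                             : static_cast<bool>(in >> v.s);
    if (!ok)
        throw std::runtime_error("bad payload");
    return v;
}

// Helper for callers and tests: true if the archive text loads cleanly.
bool loads(const std::string& text) {
    std::istringstream in(text);
    try { load_value(in); return true; }
    catch (const std::runtime_error&) { return false; }
}

int main() {
    // Constructed inputs: a valid archive and one with a negative index.
    return (loads("1 hello") && !loads("-1 42")) ? 0 : 1;
}
```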