Opened 12 years ago

Closed 12 years ago

#4154 closed Bugs (fixed)

Posix_time_zone_base constructor dereferences invalid iterator

Reported by: Jason Pettiss <jpettiss@…>
Owned by: az_sw_dude
Milestone: Boost 1.43.0
Component: date_time
Version: Boost Development Trunk
Severity: Problem
Keywords:
Cc:

Description

The constructor taking a string segfaults if the string does not contain an appropriate number of commas for the specific timezone format. The calling code shouldn't have to know how many commas are appropriate; an exception should be thrown if there are not enough.

posix_time_zone_base(const string_type& s) ... {
  const char_type sep_chars[2] = {','};
  char_separator_type sep(sep_chars);
  tokenizer_type tokens(s, sep);
  tokenizer_iterator_type it = tokens.begin();
  calc_zone(*it++); //Here if ""
  if(has_dst_){
    string_type tmp_str = *it++; //Here if "EST5EDT"
    calc_rules(tmp_str, *it); //Here if "EST5EDT,M3.5.0/2"
  }
}

The iterator it should be checked against tokens.end().

Sample code to demonstrate:

#include <iostream>
#include <boost/date_time/posix_time/posix_time.hpp>
#include <boost/date_time/local_time/local_time.hpp>

int main() {
  using namespace boost::local_time;
  using namespace boost::posix_time;
  try {
    std::string badtzstr("EST5EDT");
    time_zone_ptr tz;
    tz = time_zone_ptr(new posix_time_zone(badtzstr));
  }
  catch (const std::exception& e) {
    std::cout << "passed: " << e.what() << std::endl;
  }
  return 0;
}

Results under a checked build:

Assertion failed: valid_, file c:/bwaysource/vendor/boost_1_40_0\boost/token_iterator.hpp, line 51

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

A workaround is to scan for non-digits, digits, non-digits up to the end of string or first comma, and if matched, only construct the timezone if the string contains at least two commas (otherwise just check that the string is non-empty).
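
The workaround above as a caller-side pre-check, written in C++ as an added example (not code from the ticket or from Boost). It checks only that enough fields are present, not that the string is otherwise a valid TZ specification. Assumptions: the function names are hypothetical, ':' is treated as part of the offset, and non-empty comma-separated fields are counted instead of raw commas because Boost's char_separator drops empty tokens by default.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Split on ',' and drop empty fields, as char_separator does by default.
static std::vector<std::string> tz_fields(const std::string& s) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (c == ',') { if (!cur.empty()) out.push_back(cur); cur.clear(); }
        else cur.push_back(c);
    }
    if (!cur.empty()) out.push_back(cur);
    return out;
}

// True if the zone field reads as non-digits, digits, non-digits,
// i.e. <name><offset><dst-name>. ':' counts as part of the offset
// (assumption, so "MST-07:00:00" is not read as having a DST name).
static bool zone_has_dst(const std::string& zone) {
    auto is_digit = [](char c) { return std::isdigit(static_cast<unsigned char>(c)) != 0; };
    std::size_t i = 0;
    while (i < zone.size() && !is_digit(zone[i])) ++i;                     // name and sign
    if (i == zone.size()) return false;                                    // no offset at all
    while (i < zone.size() && (is_digit(zone[i]) || zone[i] == ':')) ++i;  // offset
    return i < zone.size();                                                // remainder is a DST name
}

// Hypothetical pre-check: does `s` have every field the constructor will dereference?
bool tz_string_has_required_fields(const std::string& s) {
    const std::vector<std::string> f = tz_fields(s);
    if (f.empty()) return false;           // "" or ",": calc_zone(*it++) would hit end()
    if (!zone_has_dst(f[0])) return true;  // only the zone token is read
    return f.size() >= 3;                  // zone, DST start rule, DST end rule
}

int main() {
    // First three inputs are the ticket's cases; the last two are constructed.
    for (const char* s : {"", "EST5EDT", "EST5EDT,M3.5.0/2",
                          "EST5EDT,M3.2.0/2,M11.1.0/2", "MST-07:00:00"})
        std::cout << '"' << s << "\" -> "
                  << (tz_string_has_required_fields(s) ? "ok" : "reject") << '\n';
    return 0;
}
```

Strings that pass can still be rejected by the constructor for other reasons; the check only covers the missing-token cases listed in the description.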

Change History (2)

comment:1 by Andrey Semashev, 12 years ago

(In [62685]) Refs #4154. Added iterator validity checks. If TZ string is not valid, the time zone constructor throws instead of crashing.

comment:2 by Andrey Semashev, 12 years ago

Resolution: fixed
Status: new → closed

(In [62751]) Fixes #4154. Added iterator validity checks. If TZ string is not valid, the time zone constructor throws instead of crashing.
