<rss version="2.0">
<channel>
<title>Boost C++ Libraries: Ticket #4635: segmentation fault in text_oarchive::save_binary()</title>
<link>https://svn.boost.org/trac10/ticket/4635</link>
<description>
<p>
It appears that text_oarchive::save_binary() reads one byte too many. In other words, save_binary(addr,len) appears to read byte addr+len. The attached program, which runs on Linux, allocates a page of zeroes with mmap(2) and then serializes the last few bytes of the page with text_oarchive::save_binary(). The result is a segmentation fault.
</p>
</description>
<language>en-us</language>
<image>
<title>Boost C++ Libraries</title>
<url>/htdocs/site/boost.png</url>
<link>https://svn.boost.org/trac10/ticket/4635</link>
</image>
<generator>Trac 1.4.3</generator>
<item>
<author>Mark Heuser <mlheuser@…></author>
<pubDate>Wed, 08 Sep 2010 00:43:18 GMT</pubDate>
<title>attachment set</title>
<link>https://svn.boost.org/trac10/ticket/4635</link>
<guid isPermaLink="false">https://svn.boost.org/trac10/ticket/4635</guid>
<description>
<ul>
<li><strong>attachment</strong>
→ <span class="trac-field-new">save_binary_bug.cpp</span>
</li>
</ul>
<p>
Linux/C++ program.
</p>
</description>
<category>Ticket</category>
</item>
<item>
<author>Robert Ramey</author>
<pubDate>Wed, 08 Sep 2010 17:07:09 GMT</pubDate>
<title/>
<link>https://svn.boost.org/trac10/ticket/4635#comment:1 </link>
<guid isPermaLink="false">https://svn.boost.org/trac10/ticket/4635#comment:1</guid>
<description>
<p>
A very good example/test. As you mention - a very, very deep stack.
</p>
<p>
Could you re-run the test with some counts which are mod 3? That is 3, 6, 9, ...
</p>
<p>
I develop on a Windows system and it would be easier to ask you to just re-run the test rather than try to recreate it here.
</p>
<p>
Robert Ramey
</p>
</description>
<category>Ticket</category>
</item>
<item>
<author>mlheuser@…</author>
<pubDate>Wed, 08 Sep 2010 19:45:26 GMT</pubDate>
<title/>
<link>https://svn.boost.org/trac10/ticket/4635#comment:2 </link>
<guid isPermaLink="false">https://svn.boost.org/trac10/ticket/4635#comment:2</guid>
<description>
<p>
Robert,
</p>
<p>
You are on to something. Multiples of three work fine. If there is anything else that I can do to help, don't hesitate to ask.
</p>
<p>
-Mark
</p>
</description>
<category>Ticket</category>
</item>
<item>
<author>Aliaksei Plashchanski <alekseyploschanskiy@…></author>
<pubDate>Wed, 21 Mar 2012 06:39:53 GMT</pubDate>
<title/>
<link>https://svn.boost.org/trac10/ticket/4635#comment:3 </link>
<guid isPermaLink="false">https://svn.boost.org/trac10/ticket/4635#comment:3</guid>
<description>
<p>
I met the same issue. I debugged it and found that the problem is in the implementation of base64_from_binary. The access violation appears in the file transform_width.hpp.
When the iterator points to the last valid byte (addr+len-1) and the algorithm needs one more byte to complete the missing bits, it increments the iterator and reads past the end of the buffer.
</p>
<pre class="wiki">template<class Base, int BitsOut, int BitsIn, class CharType>
CharType transform_width<Base, BitsOut, BitsIn, CharType>::fill(){
    CharType retval = 0;
    unsigned int missing_bits = BitsOut;
    for(;;){
        unsigned int bcount;
        if(! m_bufferfull){
            // !!! access to byte *(addr+len) once base_reference() has been
            // advanced past the last valid byte (see the increment below)
            m_buffer = * this->base_reference();
            m_bufferfull = true;
            bcount = BitsIn;
        }
        else
            bcount = BitsIn - m_displacement;
        unsigned int i = (std::min)(bcount, missing_bits);
        // shift interesting bits to least significant position
        unsigned int j = m_buffer >> (bcount - i);
        // strip off uninteresting bits
        // (note presumption of two's complement arithmetic)
        j &= ~(-(1 << i));
        // append the interesting bits to the output value
        retval <<= i;
        retval |= j;
        missing_bits -= i;
        if(0 == missing_bits)
            break;
        // note: suspect that this is not invoked for borland 5.51
        // advances to the next input byte without checking for the end
        ++(this->base_reference());
        m_bufferfull = false;
    }
    return retval;
}
</pre>
</description>
<category>Ticket</category>
</item>
</channel>
</rss>
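The following is an added example, not code from the ticket, its attachment or Boost itself. It is a stand-alone model of the 8-bit to 6-bit width transform that base64_from_binary performs, keeping the bookkeeping of the fill() quoted in comment 3 (m_buffer, m_bufferfull, m_displacement become buffer, bufferfull, displacement; base_reference() becomes the index pos). In "naive" mode the loop advances and dereferences the next byte whenever a 6-bit group is still incomplete, exactly as the quoted code does; in "bounded" mode (my own hardening for illustration, not Boost's actual fix) the position is compared against the end before any read and the group is padded with zero bits instead. The input buffer is constructed: len logical bytes followed by one mapped guard byte, so the read of addr+len is recorded and its bits captured rather than faulting as in the reporter's mmap test.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

static const char kB64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Constructed stand-in for the mmap'd page from the ticket: `len` logical
// bytes plus one still-mapped guard byte, so *(addr+len) can be observed.
struct TrackedBuffer {
    std::vector<std::uint8_t> storage;  // len bytes + 1 guard byte
    std::size_t len;
    bool oob_read = false;

    TrackedBuffer(std::vector<std::uint8_t> bytes, std::uint8_t guard)
        : storage(std::move(bytes)), len(storage.size()) {
        storage.push_back(guard);
    }

    // Every dereference of the "base iterator" goes through here.
    std::uint8_t at(std::size_t i) {
        if (i >= len) oob_read = true;   // this is the read of addr+len
        return storage.at(i);            // never beyond the guard byte
    }
};

// Emit the 6-bit groups for buf[0, len). Structured like the old
// transform_width: a fill() step followed by an increment() step, repeated
// until the base position reaches the end (pos == buf.len).
static std::string width_8_to_6(TrackedBuffer& buf, bool bounded) {
    std::string out;
    std::size_t pos = 0;        // base_reference(); buf.len is the end
    unsigned displacement = 0;  // bits of the buffered byte already emitted
    bool bufferfull = false;
    unsigned buffer = 0;

    while (pos < buf.len) {
        // --- fill(): assemble one 6-bit output value ---
        unsigned retval = 0;
        unsigned missing_bits = 6;
        for (;;) {
            unsigned bcount;
            if (!bufferfull) {
                if (bounded && pos >= buf.len)
                    buffer = 0;             // hardened: pad, do not read
                else
                    buffer = buf.at(pos);   // naive: may be *(addr+len)
                bufferfull = true;
                bcount = 8;
            } else {
                bcount = 8 - displacement;
            }
            unsigned i = bcount < missing_bits ? bcount : missing_bits;
            unsigned j = (buffer >> (bcount - i)) & ((1u << i) - 1);
            retval = (retval << i) | j;
            missing_bits -= i;
            if (missing_bits == 0) break;
            ++pos;                // group incomplete: advance unconditionally
            bufferfull = false;   // ... and fetch another byte next round
        }
        out.push_back(kB64[retval]);
        // --- increment(): account for the 6 bits just consumed ---
        displacement += 6;
        while (displacement >= 8) {
            displacement -= 8;
            if (displacement == 0) bufferfull = false;
            if (!bufferfull) ++pos;
        }
    }
    return out;
}

struct Outcome {
    std::string chars;  // base64 alphabet characters, without '=' padding
    bool oob_read;      // whether byte index len was dereferenced
};

static Outcome run_transform(std::vector<std::uint8_t> bytes, std::uint8_t guard, bool bounded) {
    TrackedBuffer buf(std::move(bytes), guard);
    std::string chars = width_8_to_6(buf, bounded);
    return Outcome{chars, buf.oob_read};
}

int main() {
    const std::vector<std::uint8_t> inputs[] = {{'M'}, {'M', 'a'}, {'M', 'a', 'n'}};
    for (const auto& in : inputs) {
        Outcome naive = run_transform(in, 0xFF, false);
        Outcome safe = run_transform(in, 0xFF, true);
        std::cout << "len=" << in.size() << " naive=" << naive.chars
                  << (naive.oob_read ? " (read addr+len)" : "")
                  << " bounded=" << safe.chars << '\n';
    }
    return 0;
}
```

With a guard byte of 0xFF the naive mode turns "M" into "Tf" and "Ma" into "TWH", while the bounded mode gives the expected "TQ" and "TWE": the last character of a len%3==1 input carries four bits, and of a len%3==2 input two bits, of whatever lies past the buffer, which is where the out-of-bounds read shows up even when the adjacent memory is mapped and nothing crashes. For "Man" (len%3==0) neither mode touches index len, matching the observation in comment 2 that multiples of three work. The guard-byte harness is the same idea a guard page or AddressSanitizer applies to real memory, and is the simplest way to turn a read like this into a deterministic test rather than an occasional segfault.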