Opened 12 years ago
Last modified 11 years ago
#4772 reopened Bugs
binary_buffer_iprimitive fails on vector access when reading in zero length item at end of buffer_
Reported by: | | Owned by: | Matthias Troyer |
---|---|---|---|
Milestone: | Boost 1.46.0 | Component: | mpi |
Version: | Boost 1.47.0 | Severity: | Problem |
Keywords: | | Cc: | |
Description
When binary_buffer_iprimitive's position == buffer_.size() and binary_buffer_iprimitive::load_impl is called with l = 0, the bracket operator on buffer_ will attempt an out of bounds access. The assertion in load_impl suggests the author was aware these conditions are normal since the assertion evaluates to true. However, the parameters for the call to std::memcpy cannot be evaluated because an assertion within buffer_ fails. Changing load_impl to look like this fixes the problem:
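```cpp
void load_impl(void * p, int l) {
    assert(position+l<=static_cast<int>(buffer_.size()));
    // Skip the copy for a zero-length item: &buffer_[position] is out of
    // bounds when position == buffer_.size().
    if (l) {
        std::memcpy(p,&buffer_[position],l);
        position += l;
    }
}
```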
It looks like the bug should also exist in Boost's trunk, but I cannot get the software I'm working on to build with Boost 1.44 and newer, but that is another issue.
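The zero-length read at the end of the buffer, reproduced as an added example that is not code from the ticket or from Boost.MPI. Only `buffer_`, `position` and `load_impl` come from the ticket; `buffer_reader`, `pos()` and `zero_length_at_end()` are hypothetical names, and the reader goes beyond the proposed fix by returning `false` on a bad length instead of relying on `assert`, which is compiled out when `NDEBUG` is defined.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <utility>
#include <vector>

// Hypothetical stand-in for the packed-buffer reader described in the ticket.
class buffer_reader {
public:
    explicit buffer_reader(std::vector<char> data)
        : buffer_(std::move(data)), position(0) {}

    // Copies l bytes to p and advances. Refuses the request instead of
    // touching memory when it does not fit, so the check survives NDEBUG.
    bool load_impl(void* p, int l) {
        if (l < 0) return false;                          // negative length
        const std::size_t n = static_cast<std::size_t>(l);
        if (n > buffer_.size() - position) return false;  // position <= size() always holds
        if (n == 0) return true;    // zero-length item: never form &buffer_[position]
        std::memcpy(p, &buffer_[position], n);            // position < size() here
        position += n;
        return true;
    }

    std::size_t pos() const { return position; }

private:
    std::vector<char> buffer_;
    std::size_t position;
};

// Constructed scenario: a 4-byte item followed by a zero-length item at the end.
int zero_length_at_end() {
    buffer_reader r(std::vector<char>{'a', 'b', 'c', 'd'});
    char out[4] = {0};
    if (!r.load_impl(out, 4)) return -1;   // position == size() afterwards
    if (!r.load_impl(out, 0)) return -2;   // the case from the ticket
    if (r.load_impl(out, 1)) return -3;    // a read past the end is refused
    if (r.load_impl(out, -1)) return -4;   // a negative length is refused
    return static_cast<int>(r.pos());
}

int main() {
    std::printf("final position: %d\n", zero_length_at_end());
    return 0;
}
```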
Change History (4)
comment:1 by , 12 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 12 years ago
Milestone: | To Be Determined → Boost-1.46.0 |
---|
comment:3 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:4 by , 11 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Version: | Boost 1.43.0 → Boost 1.47.0 |
Bug is fixed in SVN trunk, but not in 1.47.0 or 1.46.1. Will it be merged for 1.48?
Fixed in changeset [66785]