Boost C++ Libraries: Ticket #4772: binary_buffer_iprimitive fails on vector access when reading in zero length item at end of buffer_ https://svn.boost.org/trac10/ticket/4772
<p> When binary_buffer_iprimitive's position == buffer_.size() and binary_buffer_iprimitive::load_impl is called with l = 0, the bracket operator on buffer_ will attempt an out of bounds access. The assertion in load_impl suggests the author was aware these conditions are normal since the assertion evaluates to true. However, the parameters for the call to std::memcpy cannot be evaluated because an assertion within buffer_ fails. Changing load_impl to look like this fixes the problem: </p>
<pre>
void load_impl(void * p, int l)
{
  assert(position+l&lt;=static_cast&lt;int&gt;(buffer_.size()));
  // Skip the copy for l == 0 so &amp;buffer_[position] is never evaluated at position == buffer_.size()
  if (l)
  {
    std::memcpy(p,&amp;buffer_[position],l);
    position += l;
  }
}
</pre>
<p> It looks like the bug should also exist in Boost's trunk, but I cannot get the software I'm working on to build with Boost 1.44 and newer, but that is another issue.
</p>
Matthias Troyer Wed, 03 Nov 2010 19:39:31 GMT owner, status changed https://svn.boost.org/trac10/ticket/4772#comment:1
<ul> <li><strong>owner</strong> changed from <span class="trac-author">Douglas Gregor</span> to <span class="trac-author">Matthias Troyer</span> </li> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">assigned</span> </li> </ul>
Matthias Troyer Wed, 03 Nov 2010 19:40:36 GMT milestone changed https://svn.boost.org/trac10/ticket/4772#comment:2
<ul> <li><strong>milestone</strong> <span class="trac-field-old">To Be Determined</span> → <span class="trac-field-new">Boost-1.46.0</span> </li> </ul>
Matthias Troyer Sat, 27 Nov 2010 12:41:18 GMT status changed; resolution set https://svn.boost.org/trac10/ticket/4772#comment:3
<ul> <li><strong>status</strong> <span class="trac-field-old">assigned</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul>
<p> Fixed in changeset <a class="changeset" href="https://svn.boost.org/trac10/changeset/66785" title="Fixed tickets #4693 and #4772">[66785]</a> </p>
brian.ventre@… Wed, 21 Sep 2011 18:03:39 GMT status, version changed; resolution deleted https://svn.boost.org/trac10/ticket/4772#comment:4
<ul> <li><strong>status</strong> <span class="trac-field-old">closed</span> → <span class="trac-field-new">reopened</span> </li> <li><strong>version</strong> <span class="trac-field-old">Boost 1.43.0</span> → <span class="trac-field-new">Boost 1.47.0</span> </li> <li><strong>resolution</strong> <span class="trac-field-deleted">fixed</span> </li> </ul>
<p> Bug is fixed in SVN trunk, but not in 1.47.0 or 1.46.1. Will it be merged for 1.48? </p>
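The zero-length read at end of buffer described in the ticket, as an added example that is not part of the ticket or of Boost's code. `buffer_reader` and `zero_length_read_at_end` are hypothetical names, and this reader returns `false` instead of asserting, so the bounds check also holds in builds compiled with `NDEBUG`.

```cpp
#include <cstddef>
#include <cstring>
#include <utility>
#include <vector>

// Hypothetical stand-in for the reader discussed in the ticket; not Boost code.
class buffer_reader {
public:
    explicit buffer_reader(std::vector<char> data)
        : buffer_(std::move(data)), position_(0) {}

    // Copies l bytes from the current position into p.
    // Returns false and copies nothing when the request does not fit.
    bool load(void* p, std::size_t l) {
        // position_ <= size() is a class invariant, so the subtraction cannot wrap,
        // and comparing this way avoids overflow in position_ + l.
        if (l > buffer_.size() - position_) return false;
        // Zero-length read: return before forming any element address, so a
        // checked operator[] is never asked for index == size().
        if (l == 0) return true;
        std::memcpy(p, buffer_.data() + position_, l);
        position_ += l;
        return true;
    }

    std::size_t position() const { return position_; }

private:
    std::vector<char> buffer_;
    std::size_t position_;
};

// Constructed scenario: consume a 4-byte buffer, then issue the zero-length
// read at end of buffer that the ticket reports as failing.
int zero_length_read_at_end() {
    buffer_reader r(std::vector<char>{'a', 'b', 'c', 'd'});
    char out[4] = {};
    if (!r.load(out, 4)) return -1;         // position now equals size()
    if (!r.load(out, 0)) return -2;         // must succeed without touching the buffer
    if (r.load(out, 1)) return -3;          // one byte past the end must be refused
    return static_cast<int>(r.position());  // position is unchanged by the last two calls
}
```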