Opened 17 years ago

Closed 16 years ago

#602 closed Bugs (None)

segm. fault during std::string (STLport 5.0.2) serialization

Reported by: simmeone Owned by: Robert Ramey
Milestone: Component: serialization
Version: None Severity:
Keywords: Cc:

Description

There is a segmentation fault during STLport 5.0.2
std::string object serialization.

It is probably caused by the new implementation of
std::string. Now, one of the possible implementations of the
_String_base class contains the members:
_M_buffers - union, which holds the dynamic char buffer
_M_finish - pointer to the end of the string in the dynamic buffer

In this case it represents our string as a chain of
chars which is not ended with a null separator. For
example, in my debugger the string "Un." is represented as:

+_M_buffers._M_dynamic_buf	0x00378958 "Un.' 'data same
as trigger' parameter is not set, 'use as data' cannot
be changed.ÍÍÍÍÍÍWhen 'data same as trigger' parameter
is not set, 'use as data' cannot be changed.ÍÍÍÍÍÍ`Š7"
char *

-_M_finish	0x0037895b "' 'data same as trigger'
parameter is not set, 'use as data' cannot be
changed.ÍÍÍÍÍÍWhen 'data same as trigger' parameter is
not set, 'use as data' cannot be changed.ÍÍÍÍÍÍ`Š7"	char *

During serialization the std::copy algorithm is used,
which uses the template class escape as an iterator
to iterate through the string.

In file ../boost/archive/iterators/escape.hpp we see the
function:

void increment(){
        if(++m_bnext < m_bend){
            m_current_value = *m_bnext;
            return;
        }
        ++(this->base_reference());
        m_bnext = NULL;
        m_bend = NULL;
        m_current_value = (static_cast<Derived *>(this))->fill(m_bnext, m_bend);
}

When the iterator points to the last char in the string and
is then incremented, it points to the next char in the dynamic
buffer _M_buffers._M_dynamic_buf; in our example with the
string "Un." it points to the apostrophe character '\''. Then
the function "fill" modifies "m_bnext" and "m_bend"
because of the character '\''. In the next step, the function
"equal" is called to check whether the copy algorithm should be
stopped or not.

bool equal(const this_t & rhs) const {
        return
            NULL == m_bnext
            && NULL == m_bend
            && this->base_reference() == rhs.base_reference()
        ;
}

And because m_bnext and m_bend are not NULL, the copy
algorithm is not stopped and goes on. This leads to a
segmentation fault.
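A constructed C++ model of the interaction the report describes, added here as an illustration and not code from Boost or from the reporter. The `EscapeIter` struct, its `end`/`limit` members, the `guard_end` switch and the `run_copy`/`to_memory` helpers are this example's own inventions; they only mimic the shape of `escape::fill`, `increment` and `equal` quoted above. The buffer mirrors the debugger dump: a non-terminated "Un." followed by an apostrophe. With `guard_end=false` the `fill()` step reads the one-past-end byte, queues a replacement, and `equal()` then refuses to report the end, so the copy loop runs on until it leaves the simulated memory block (the stand-in for the crash); with `guard_end=true` the iterator never dereferences at `end`, which is one way to stop the overrun.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Constructed model of the escape iterator in the report (not Boost's escape.hpp):
// walks [base, end), replaces '\'' with "&apos;", and a copy loop stops when the
// iterator compares equal to the end position.
struct EscapeIter {
    const char* base;    // current position in the underlying string
    const char* end;     // one past the last real character (assumed known here)
    const char* limit;   // end of the simulated memory block; reads stop here
    const char* bnext;   // pending replacement text, or NULL
    const char* bend;
    char current;
    bool guard_end;      // false = behaviour described in the ticket, true = fixed
    std::size_t overrun; // bytes read at or beyond `end`
    bool faulted;        // a read would have left the simulated memory block

    // Mirror of escape::fill(): look at *base and queue a replacement if needed.
    void fill() {
        bnext = NULL;
        bend = NULL;
        current = '\0';
        if (guard_end && base >= end) return;          // fixed: never read past the string
        if (base >= end) ++overrun;                    // ticket behaviour: read past end
        if (base >= limit) { faulted = true; return; } // stand-in for the segfault
        static const char apos[] = "&apos;";
        if (*base == '\'') {
            bnext = apos;
            bend = apos + 6;
            current = *bnext;
        } else {
            current = *base;
        }
    }
    // Mirror of escape::increment(): drain the replacement, then advance base.
    void increment() {
        if (bnext != NULL && ++bnext < bend) { current = *bnext; return; }
        ++base;
        fill();
    }
    // Mirror of escape::equal(): equal to the end only with no pending replacement.
    bool at_end() const { return bnext == NULL && bend == NULL && base == end; }
};

struct CopyResult {
    std::string out;
    std::size_t overrun;  // bytes read past the string's end
    bool faulted;         // loop ran off the simulated memory block
};

// Drive the iterator the way std::copy does: copy *it and increment until
// it == end. `memory` holds the string as a non-terminated prefix of `len`
// bytes followed by whatever happened to sit after it.
CopyResult run_copy(const std::vector<char>& memory, std::size_t len, bool guard_end) {
    const char* s = memory.data();
    EscapeIter it = {s, s + len, s + memory.size(), NULL, NULL, '\0', guard_end, 0, false};
    it.fill();
    CopyResult r = {"", 0, false};
    while (!it.at_end() && !it.faulted) {
        r.out.push_back(it.current);
        it.increment();
    }
    r.overrun = it.overrun;
    r.faulted = it.faulted;
    return r;
}

// Build a simulated memory block from a literal (the terminating NUL is dropped,
// so the string inside it is not null-terminated, as in the ticket).
std::vector<char> to_memory(const char* raw) {
    return std::vector<char>(raw, raw + std::strlen(raw));
}

// Constructed buffer mirroring the debugger dump: "Un." followed by an apostrophe.
std::vector<char> ticket_buffer() {
    return to_memory("Un.' 'data same as trigger' parameter");
}
```

Running `run_copy(ticket_buffer(), 3, false)` yields output starting with `Un.&apos;` and ends with `faulted` set, while `run_copy(ticket_buffer(), 3, true)` yields exactly `Un.` with no overrun. The `overrun` counter also shows that the unguarded iterator reads one byte past the string even when that byte is harmless (for example a trailing space); the loop only fails to terminate when the byte happens to be one that `fill` escapes, which is why the fault looks data dependent.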

Change History (4)

comment:1 by Robert Ramey, 17 years ago


Thank you for submitting a bug report to BOOST

comment:2 by Robert Ramey, 17 years ago


Thank you for finding this.  I realize that it takes
significant effort and I appreciate it.  I've seen this
show up on tests but couldn't get stlport 5.0 working on my
system in order to be able to track it down.  Now I understand
the problem from your explanation.  I'm not sure yet how to
fix it.  I'm not sure how long it will take - thanks again.

Robert Ramey

comment:3 by sf-robot, 16 years ago


This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

comment:4 by sf-robot, 16 years ago

Status: assigned → closed