Opened 10 years ago
Closed 7 years ago
#6955 closed Bugs (fixed)
Spirit parse_nan() may dereference end iterator
| Reported by: | Owned by: | Joel de Guzman | |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | spirit |
| Version: | Boost 1.49.0 | Severity: | Problem |
| Keywords: | nan | Cc: |
Description
The function parse_nan(first, last) will dereference the end iterator when parsing the string "nan", which may lead to undefined behavior.
File: boost/spirit/home/qi/numeric/real_policies.hpp Line: 119
This occurs for instance using the following parser:
std::string s = "nan"; auto s_begin = s.begin(); auto s_end = s.end(); double out; qi::phrase_parse(s_begin, s_end, qi::double_, ascii::space, out);
The problem occurs in parse_nan():
117: if (detail::string_parse("nan", "NAN", first, last, unused))
118: {
119: if (*first == '(')
Line 119 should check if first == last first since detail::string_parse() may increment first.
Change History (2)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
I just stumpled over this bug as well (boost 1.54)
It is fixed in Boost 1.60 (or earlier?), i.e.,
// nan[(...)] ? if (detail::string_parse("nan", "NAN", first, last, unused)) { if (first != last && *first == '(') {So I guess ticket can be closed?