Boost C++ Libraries: Ticket #6955: Spirit parse_nan() may dereference end iterator https://svn.boost.org/trac10/ticket/6955 <p> The function <code>parse_nan(first, last)</code> will dereference the end iterator when parsing the string "nan", which may lead to undefined behavior. </p> <pre class="wiki">File: boost/spirit/home/qi/numeric/real_policies.hpp Line: 119 </pre><p> This occurs for instance using the following parser: </p> <pre class="wiki">std::string s = "nan"; auto s_begin = s.begin(); auto s_end = s.end(); double out; qi::phrase_parse(s_begin, s_end, qi::double_, ascii::space, out); </pre><p> The problem occurs in parse_nan(): </p> <pre class="wiki">117: if (detail::string_parse("nan", "NAN", first, last, unused)) 118: { 119: if (*first == '(') </pre><p> Line 119 should check if <code>first == last</code> first since <code>detail::string_parse()</code> may increment <code>first</code>. </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/6955 Trac 1.4.3 cbielow Fri, 19 Feb 2016 08:12:35 GMT <link>https://svn.boost.org/trac10/ticket/6955#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/6955#comment:1</guid> <description> <p> I just stumpled over this bug as well (boost 1.54) </p> <p> It is fixed in Boost 1.60 (or earlier?), i.e., </p> <pre class="wiki">// nan[(...)] ? if (detail::string_parse("nan", "NAN", first, last, unused)) { if (first != last &amp;&amp; *first == '(') { </pre><p> So I guess ticket can be closed? </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Joel de Guzman</dc:creator> <pubDate>Fri, 19 Feb 2016 10:50:09 GMT</pubDate> <title>status changed; resolution set https://svn.boost.org/trac10/ticket/6955#comment:2 https://svn.boost.org/trac10/ticket/6955#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul> Ticket