#7032 closed Bugs (fixed)
Prevent tool Bug Fix.
| Reported by: | | Owned by: | John Maddock |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | regex |
| Version: | Boost 1.50.0 | Severity: | Problem |
| Keywords: | | Cc: | yogen.saini@… |
Description
In file boost_1_50_0_beta1/libs/regex/src/regex_raw_buffer.cpp
std::memcpy(ptr, start, datasize);
If start is NULL but datasize is not zero, then it is a segmentation fault. This is a rare situation but can happen in some scenarios. The attached patch is the fix for it. This problem also persists in the latest beta code.
Attachments (1)
Change History (5)
by , 10 years ago
Attachment: regex_raw_buffer.cpp_patch added
comment:1 by , 10 years ago
Can you illustrate how you think this can ever come about - it would be a breach of raw_storage's invariants for this to occur.
So either: the constructor raw_storage(n) has failed to allocate memory, in which case the existing assert in the constructor should have failed; or a previous call to raw_storage::resize failed to allocate memory, in which case the existing assert should have failed.
Of course adding the extra assert doesn't harm, I'm just not sure that it actually does what you think ;-)
comment:2 by , 10 years ago
This extra assert takes care of the situation when start is 0 (null) and datasize is not zero.
In that case memcpy will crash because the source is null but the data size is not zero.
Example of memcpy behaviour:
    memcpy(p1, NULL, 0);  No error
    memcpy(p1, NULL, 1);  Crash, as memcpy will read 1 byte at the null location
The patch which we provided takes care of this situation. It is possible that start is zero and datasize is non-zero, and it is obvious that adding the extra assert doesn't harm :-)
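The invariant the two comments above argue over, as an added illustration that is neither Boost's regex_raw_buffer.cpp nor the attached patch: a minimal raw_storage-style buffer (three pointers start/end/last) whose resize asserts `datasize == 0 || start != 0` before copying, plus a copy helper that refuses a null source with a non-zero length instead of crashing. One caveat for the `memcpy(p1, NULL, 0)` line in the comment: both C and C++ make passing a null pointer to memcpy undefined behaviour even when the length is zero, and optimising compilers may treat the pointer as non-null afterwards and drop later null checks, so the helper below skips the call entirely for a zero length. The class name raw_storage_demo, the copy_bytes helper and the doubling growth policy are assumptions made for this example.

```cpp
// Added illustration, not Boost's code: a growable byte buffer modelled on the
// raw_storage shape (start/end/last pointers) discussed in this ticket.
#include <cassert>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

// Copy helper that refuses the exact situation the ticket describes (null source,
// non-zero length) and skips memcpy for n == 0, since a null pointer argument to
// memcpy is undefined behaviour in C and C++ regardless of the length.
// Returns false instead of crashing when the precondition is violated.
bool copy_bytes(void* dst, const void* src, std::size_t n) {
    if (n == 0) return true;
    if (dst == nullptr || src == nullptr) return false;
    std::memcpy(dst, src, n);
    return true;
}

class raw_storage_demo {  // hypothetical name, not Boost's raw_storage
public:
    raw_storage_demo() : start_(nullptr), end_(nullptr), last_(nullptr) {}
    explicit raw_storage_demo(std::size_t n) : raw_storage_demo() { resize(n); }
    ~raw_storage_demo() { std::free(start_); }
    raw_storage_demo(const raw_storage_demo&) = delete;
    raw_storage_demo& operator=(const raw_storage_demo&) = delete;

    std::size_t size() const { return static_cast<std::size_t>(end_ - start_); }
    std::size_t capacity() const { return static_cast<std::size_t>(last_ - start_); }

    // The invariant the ticket's assert checks: bytes may only be present if
    // start_ is non-null; the pointers must also stay ordered start <= end <= last.
    bool invariant_holds() const {
        return (size() == 0 || start_ != nullptr) && start_ <= end_ && end_ <= last_;
    }

    // Grow the buffer to at least n bytes (doubling policy is an assumption),
    // preserving the existing contents.
    void resize(std::size_t n) {
        std::size_t datasize = size();
        std::size_t newsize = capacity() ? capacity() : 1;
        while (newsize < n) newsize *= 2;
        unsigned char* ptr = static_cast<unsigned char*>(std::malloc(newsize));
        if (!ptr) throw std::bad_alloc();
        // The guard from the ticket: never memcpy from a null start with datasize > 0.
        assert(datasize == 0 || start_ != nullptr);
        bool ok = copy_bytes(ptr, start_, datasize);
        assert(ok);
        std::free(start_);
        start_ = ptr;
        end_ = ptr + datasize;
        last_ = ptr + newsize;
    }

    // Append bytes, growing first if the free space is insufficient.
    void append(const unsigned char* data, std::size_t n) {
        if (size() + n > capacity()) resize(size() + n);
        bool ok = copy_bytes(end_, data, n);
        assert(ok);
        end_ += n;
    }

    const unsigned char* data() const { return start_; }

private:
    unsigned char* start_;
    unsigned char* end_;
    unsigned char* last_;
};

// Exercise the growth path: contents must survive several resizes.
bool demo_growth_preserves_data() {
    raw_storage_demo s;
    if (!s.invariant_holds()) return false;
    const unsigned char sample[] = "regex_raw_buffer";  // constructed sample input
    const std::size_t len = sizeof(sample) - 1;
    for (int i = 0; i < 10; ++i) s.append(sample, len);
    if (!s.invariant_holds() || s.size() != 10 * len) return false;
    for (int i = 0; i < 10; ++i)
        if (std::memcmp(s.data() + i * len, sample, len) != 0) return false;
    return true;
}

// The two memcpy cases from the comment: zero length is tolerated (without
// calling memcpy), a null source with a non-zero length is rejected.
bool demo_null_source_rejected() {
    unsigned char dst[4] = {0};
    return copy_bytes(dst, nullptr, 0) && !copy_bytes(dst, nullptr, 1);
}
```

The assert in resize documents the precondition for debug builds; copy_bytes is the belt-and-braces check that also holds in release builds, where asserts are compiled out and a null start with a non-zero datasize would otherwise still reach memcpy.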
comment:3 by , 10 years ago
Resolution: → fixed
Status: new → closed
Patch file for the reported Bug.