Boost C++ Libraries: Ticket #7032: Prevent tool Bug Fix.

attachment set

g.gupta@… — Wed, 27 Jun 2012 07:11:11 GMT

attachment → regex_raw_buffer.cpp_patch

Patch file for the reported Bug.

anonymous — Thu, 28 Jun 2012 10:50:16 GMT

Can you illustrate how you think this can ever come about - it would be a breach of raw_storage's invariants for this to occur.

So either: constructor raw_storage(n) has failed to allocate memory - in which case existing assert in constructor should have failed. Or Previous call to raw_storage::resize failed to allocate memory in which case existing assert should have failed.

Of course adding the extra assert doesn't harm, I'm just not sure that it actually does what you think ;-)

g.gupta@… — Fri, 29 Jun 2012 06:19:10 GMT

This extra assert take care of situation when start is 0 (null) and datasize is not zero. In that case Memcpy will crash because the source is null but data size is not zero.

example of memcpy behaviour

memcpy(p1, NULL, 0); No error

memcpy(p1, NULL, 1); Crash as memcpy function will read 1 byte at null location

The patch which we provided takes care of this situation. This is possible that start is zero and datasize is non zero and it is obvious that adding the extra assert doesn't harm :-)

status changed; resolution set

John Maddock — Sat, 07 Jul 2012 12:14:11 GMT

status new → closed
resolution → fixed

(In [79333]) Add check before copying data. Fixes #7032.

John Maddock — Mon, 16 Jul 2012 08:38:29 GMT

(In [79556]) Merge collected bug fixes from Trunk: Refs #589. Refs #7032. Refs #7084. Refs #6346.