Boost C++ Libraries: Ticket #7032: Prevent tool Bug Fix.
https://svn.boost.org/trac10/ticket/7032

Reported by g.gupta@… on Wed, 27 Jun 2012 07:11:11 GMT

In file boost_1_50_0_beta1/libs/regex/src/regex_raw_buffer.cpp:

    std::memcpy(ptr, start, datasize);

If start is NULL but datasize is not zero, then it is a segmentation fault. This is a rare situation but can happen in some scenario. Attached patch is the fix for it. This problem also persists in latest beta code.

Attachment set: regex_raw_buffer.cpp_patch
Patch file for the reported Bug.

Comment 1 by anonymous, Thu, 28 Jun 2012 10:50:16 GMT
https://svn.boost.org/trac10/ticket/7032#comment:1

Can you illustrate how you think this can ever come about - it would be a breach of raw_storage's invariants for this to occur.

So either: the constructor raw_storage(n) has failed to allocate memory, in which case the existing assert in the constructor should have failed; or a previous call to raw_storage::resize failed to allocate memory, in which case the existing assert should have failed.

Of course adding the extra assert doesn't harm, I'm just not sure that it actually does what you think ;-)

Comment 2 by g.gupta@…, Fri, 29 Jun 2012 06:19:10 GMT
https://svn.boost.org/trac10/ticket/7032#comment:2

This extra assert takes care of the situation when start is 0 (null) and datasize is not zero. In that case memcpy will crash because the source is null but the data size is not zero.

Example of memcpy behaviour:

    memcpy(p1, NULL, 0);  /* No error */
    memcpy(p1, NULL, 1);  /* Crash, as memcpy will read 1 byte at the null location */

The patch which we provided takes care of this situation. It is possible that start is zero and datasize is non-zero, and it is obvious that adding the extra assert doesn't harm :-)

Comment 3 by John Maddock, Sat, 07 Jul 2012 12:14:11 GMT
https://svn.boost.org/trac10/ticket/7032#comment:3

status: new → closed
resolution: → fixed

(In [79333], https://svn.boost.org/trac10/changeset/79333) Add check before copying data. Fixes #7032.

Comment 4 by John Maddock, Mon, 16 Jul 2012 08:38:29 GMT
https://svn.boost.org/trac10/ticket/7032#comment:4

(In [79556], https://svn.boost.org/trac10/changeset/79556) Merge collected bug fixes from Trunk: Refs #589 (regex_replace bug). Refs #7032 (Prevent tool Bug Fix). Refs #7084 (memory leak in fileiter.cpp). Refs #6346 (boost::regex::begin() and boost::regex::end() always return 0).