Boost logo

Boost :

From: Michael Gebetsroither (michael.geb_at_[hidden])
Date: 2006-04-05 08:36:24

Hi all,

I've played a bit with boost::serialize and discoverd two problems (one
segfault and one maybe related memeory exhaustion).

demo_xml from boost::serialize examples.
I've changed the output format to text_archiv. If i increase the length of a
string in the text_archiv by 2, it gives a segfault.
All files could be found at:

 - valgrind output (demo_xml.log)
 - gdb backtrace (demo_xml_gdb_backtrace)
 - normal input file (demo.txt)
 - input file which results in segfault (demoin.txt)
     I changed the length of the string "24th Street" from 11 to 13
     same results for other strings.
 - demo_xml (compiled with -O2 -g3 for x86-32 gnu/linux, gcc 4.0.3-1)
 - the core file (core.gz)
 - and the sourcefiles demo_xml.{hpp,cpp}

Memory exhaustion:
Shows a similar problem, but with a very simple testobject (with just 2
std::string's). The output of this program should only 4 small lines but is
130MB (many printed \0).
All files could be found at:

 - valgrind output (ser.log.gz, is 67MB unzipped)
 - program output with false input file (ser_false_output.gz, ~130MB unzipped)
 - normal output file (ser_out.txt)
 - evil input file (ser_in.txt)
     the length of the first string ("test1") is incremented by 2
 - ser (compiled with -O2 -g3 for x86-32 gnu/linux, gcc 4.0.3-1)

Boost version is 1.33.1.

Hope that helps, solving this bug.

Michael Gebetsroither

Boost list run by bdawes at, gregod at, cpdaniel at, john at