Subject: Re: [boost] [serialization] Enum loading may lead to uninitialized value [Ask for change]
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2009-05-17 01:04:32
AMDG
Andrey Upadyshev wrote:
> I found that template boost::archive::detail::load_enum_type
> (boost\archive\detail\iserializer.hpp) may overwrite loading enum's
> value with uninitialized ones. See comments:
>
> template<class Archive, class T>
> struct load_enum_type {
>     static void invoke(Archive &ar, T &t){
>         int i; // Initialize 'i' with trash
>         ar >> boost::serialization::make_nvp(NULL, i); // Imagine: some code in archive skips loading
>         t = static_cast<T>(i); // Ooops, get the trash into 't'
>     }
> };
>
> I think it is more secure to initialize 'i' from 't'. So, if archive's
> code skips loading, we just get 't' unchanged instead of corrupted.
> Probably, someone can fix this in svn?
Why should an archive skip loading? If it fails for some reason,
it ought to throw an exception. If this is really an important use
case, the entire library will probably need to be reviewed as I highly
doubt that it was written with that in mind.
Also, all that the archive will see is the load of an int. How can
it possibly distinguish loading an int that it can safely skip from
loading an int that is needed to parse the archive format correctly?
In Christ,
Steven Watanabe
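
The two behaviours discussed in this thread, as an added example that is not part of either message and is not Boost code: `i` is seeded from `t` as the original post proposes, and the loader is run against an archive that silently skips the load and against one that throws, as the reply says a failing archive should. The archive structs, their `load` member, the `Color` enum and the helper functions are all hypothetical stand-ins.

```cpp
#include <stdexcept>

// Hypothetical stand-ins for an input archive; not Boost.Serialization classes.
struct SkippingArchive {          // silently leaves the target untouched
    void load(int &) {}
};
struct ThrowingArchive {          // reports failure by throwing
    void load(int &) { throw std::runtime_error("load failed"); }
};
struct ValueArchive {             // delivers a stored value
    int stored;
    void load(int &out) { out = stored; }
};

enum class Color { Red = 0, Green = 1, Blue = 2 };

// Variant of the quoted invoke() with 'i' seeded from 't': a load that
// writes nothing leaves 't' with its previous value instead of garbage.
template <class Archive, class T>
void load_enum_seeded(Archive &ar, T &t) {
    int i = static_cast<int>(t);
    ar.load(i);
    t = static_cast<T>(i);
}

// Helpers that return the resulting enum so the behaviour can be checked.
Color after_skipped_load(Color start) {
    SkippingArchive ar;
    Color c = start;
    load_enum_seeded(ar, c);
    return c;
}

Color after_failed_load(Color start) {
    ThrowingArchive ar;
    Color c = start;
    try {
        load_enum_seeded(ar, c);
    } catch (const std::runtime_error &) {
        // The exception leaves load_enum_seeded before 't' is assigned.
    }
    return c;
}

Color after_good_load(Color start, int stored) {
    ValueArchive ar{stored};
    Color c = start;
    load_enum_seeded(ar, c);
    return c;
}
```

With an archive that throws on failure, the assignment to `t` is never reached, so the uninitialized `i` in the quoted code is only observable when an archive returns normally without writing to it.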
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk