Subject: Re: [boost] [serialization] Enum loading may lead to uninitialized value [Ask for change]
From: Andrey Upadyshev (oliora_at_[hidden])
Date: 2009-05-18 05:47:47


Steven Watanabe wrote:
> AMDG
>
> Andrey Upadyshev wrote:
>> I found that template boost::archive::detail::load_enum_type
>> (boost\archive\detail\iserializer.hpp) may overwrite loading enum's
>> value with uninitialized ones. See comments:
>>
>> template<class Archive, class T>
>> struct load_enum_type {
>>     static void invoke(Archive &ar, T &t){
>>         int i; // Initialize 'i' with trash
>>         ar >> boost::serialization::make_nvp(NULL, i); // Imagine: some code in archive skips loading
>>         t = static_cast<T>(i); // Ooops, get the trash into 't'
>>     }
>> };
>>
>> I think it is more secure to initialize 'i' from 't'. So, if
>> archive's code skips loading, we just get 't' unchanged instead of
>> corrupted.
>> Probably, someone can fix this in svn?
>
> Why should an archive skip loading? If it fails for some reason,
> it ought to throw an exception. If this is really an important use
> case, the entire library will probably need to be reviewed as I highly
> doubt that it was written with that in mind.
Imagine an archive that deserializes from some DOM-like tree (built
from XML or JSON or probably some other document format) in 'non-strict'
mode. 'Non-strict' mode means that the archive just skips deserialization of
nonexistent tree nodes (and keeps values that refer (through the nvp)
to these nodes (and all subnodes) unchanged).
> Also, all that the archive will see is the load of an int. How can
> it possibly distinguish loading an int that it can safely skip from
> loading an int that is needed to parse the archive format correctly?
It doesn't need to distinguish, it just skips regardless of type.

Now I have a JSON archive with the described 'non-strict' deserialization
behaviour. I use it for JSON-RPC realization and for loading user's
config files. And for any types except enums it works well.
Hm... probably I am trying to use the serialization library not for its purpose?

Andrey Upadyshev
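
The skip-on-missing-node behaviour discussed in this message, as an added example that is not part of the original post and is not Boost code. `LenientArchive`, `Color`, `kPoison` and both loader functions are hypothetical names; `kPoison` is a deterministic stand-in for the indeterminate value the quoted `int i;` would hold, so the example can be run without undefined behaviour.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical non-strict, DOM-backed input archive: load() leaves the
// target untouched when the named node is absent, instead of throwing.
struct LenientArchive {
    std::map<std::string, int> nodes;
    void load(const char* name, int& out) const {
        std::map<std::string, int>::const_iterator it = nodes.find(name);
        if (it != nodes.end()) out = it->second;  // missing node: silent skip
    }
};

// Fixed underlying type, so any int converts to Color with a defined result.
enum Color : int { Red = 0, Green = 1, Blue = 2 };

// Stand-in for "trash": the quoted code leaves the temporary uninitialized.
const int kPoison = 0x5A5A5A5A;

// Pattern from the quoted load_enum_type: temporary is not seeded from 't'.
template <class T>
void load_enum_original(const LenientArchive& ar, const char* name, T& t) {
    int i = kPoison;            // real code: `int i;` (indeterminate value)
    ar.load(name, i);           // may skip, leaving 'i' as it was
    t = static_cast<T>(i);      // caller's value is replaced by the trash
}

// Change proposed in the thread: seed the temporary from the current value.
template <class T>
void load_enum_seeded(const LenientArchive& ar, const char* name, T& t) {
    int i = static_cast<int>(t);
    ar.load(name, i);           // a skip now leaves 'i' equal to old 't'
    t = static_cast<T>(i);
}

int main() {
    LenientArchive ar;          // constructed input: no "color" node at all
    Color a = Green, b = Green;
    load_enum_original(ar, "color", a);
    load_enum_seeded(ar, "color", b);
    std::printf("original: %d, seeded: %d\n",
                static_cast<int>(a), static_cast<int>(b));
    return 0;
}
```

With the node present, both loaders produce the same result; they differ only when the archive skips the load.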

