Subject: Re: [boost] [serialization] Binary iarchive invalid signature
From: Robert Ramey (ramey_at_[hidden])
Date: 2010-05-25 12:38:31
Gevorg Voskanyan wrote:
>> Binary iarchive is supposed to throw invalid_signature
>> archive_exception when the archive content doesn't start with the
>> expected signature. However in some cases a different behavior is
>> observed when trying to load from an invalid archive. For example,
>> if the supposed signature size being read ends up a huge number (can
>> easily happen trying to load from an arbitrary file not created with
>> Boost.Serialization), the program spends a few seconds on line 111
>> of basic_binary_iprimitive.ipp (s.resize(l);) allocating a big chunk
>> of memory to read the signature into, then tries to read that many
>> bytes from the stream, which, assuming the file is not that large,
>> reads less bytes than requested so it all ends up throwing
>> archive_exception(stream_error) at basic_binary_iprimitive.hpp:164.
>> Another exa mple is when the 'signature size' being read happens to
>> be a larger number still, then s.resize(l); throws std::bad_alloc
>> when in fact the user would want to get
>> archive_exception(invalid_signature) instead.
>> I've attached a patch for archive/impl/basic_binary_iarchive.ipp
>> against Boost 1.43 version that fixes the problem for me.
Looks worthy of consideration - post this as a track item.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk