Subject: Re: [boost] [locale] review part 2.2: source
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2011-04-15 12:58:37
-----BEGIN PGP SIGNED MESSAGE-----
On 04/15/2011 07:04 AM, Artyom wrote:
>> line 311: How do you know that there's a null-terminator?
> Promised by the file format.
Well, all input to a program needs to
be validated. It looks like you've
already handled most of these issues,
(at least to the point where the message
system won't read outside the memory it owns)
>> lines 440, 442: You're assuming that the string is
>> null terminated.
>> What if the file is incorrectly
>> formatted? It may be possible to read past
>> the end of the allocated block. I haven't
>> actually worked through the exact code path
>> to trigger this condition, but it seems suspicious.
> It is the requirement of the format, it is designed to
> be loaded as is to memory and be useful.
> So I don't check every possible string as it allows
> to load files much faster.
> In any case when I load file I put 1 extra 0 at the end
> so at some point it will be terminated
Okay. I see that now.
>> line 475: You're assuming that the separator
>> actually appears.
> std::string::npos is maximal value of size_t
> so substr just get bigger sub string. May be
> not 100% clear but this code does what it should.
Okay. I jut checked the standard, and
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk