|
|
Boost : |
Subject: Re: [boost] [locale] review part 2.2: source
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2011-04-15 12:58:37
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AMDG
On 04/15/2011 07:04 AM, Artyom wrote:
>> line 311: How do you know that there's a null-terminator?
>>
>
> Promised by the file format.
>
Well, all input to a program needs to
be validated. It looks like you've
already handled most of these issues,
(at least to the point where the message
system won't read outside the memory it owns)
>>
>> lines 440, 442: You're assuming that the string is
>> null terminated.
>> What if the file is incorrectly
>> formatted? It may be possible to read past
>> the end of the allocated block. I haven't
>> actually worked through the exact code path
>> to trigger this condition, but it seems suspicious.
>>
>
> It is the requirement of the format, it is designed to
> be loaded as is to memory and be useful.
>
> So I don't check every possible string as it allows
> to load files much faster.
>
> In any case when I load file I put 1 extra 0 at the end
> so at some point it will be terminated
>
Okay. I see that now.
>
>> line 475: You're assuming that the separator
>> actually appears.
>
> std::string::npos is maximal value of size_t
> so substr just get bigger sub string. May be
> not 100% clear but this code does what it should.
>
Okay. I jut checked the standard, and
it's okay.
In Christ,
Steven Watanabe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJNqHk9AAoJEDTBQuhymLHSnYUH/jClxMci4tAOO40pGVbxRmBn
FO9eokCHOxTk1D95+sCLEYVaihN3QV80o4Ry1dOB5EXevil8w3RYoE0Lnp9xZ+Za
MshJisavzcgwy0OZ/LnRKcbVVfIrXrYKavXqsKM2dkCylHQCNp0vH/2uV+TZDtlJ
IHeUHsra/iQQnwJn3+Wd/9SkjOoh2y7oXj0nIApm2/Ov/mIUzEeM7x7eQpjzmLW3
GiinENUv4UQSa5QSm/rXp0t7iaJ/T3fIvHCgJkqjmhKNg0WG9zqd03VK7m7FuiAP
7ztjSJW+h7zYivglUxhuQVWZiC30cAxB4R7KIyL6COICBg++aRVqHGs9H4oBS8I=
=6Ap/
-----END PGP SIGNATURE-----
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk