Subject: [Boost-bugs] [Boost C++ Libraries] #4154: Posix_time_zone_base constructor dereferences invalid iterator
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2010-04-27 15:02:22
#4154: Posix_time_zone_base constructor dereferences invalid iterator
------------------------------------------------+---------------------------
Reporter: Jason Pettiss <jpettiss@…> | Owner: az_sw_dude
Type: Bugs | Status: new
Milestone: Boost 1.43.0 | Component: date_time
Version: Boost Development Trunk | Severity: Problem
Keywords: |
------------------------------------------------+---------------------------
The constructor taking a string segfaults if the string does not contain
an appropriate number of commas for the specific timezone format. The
calling code shouldn't have to know how many commas are appropriate; an
exception should be thrown if there are not enough.
{{{
posix_time_zone_base(const string_type& s) ... {
const char_type sep_chars[2] = {','};
char_separator_type sep(sep_chars);
tokenizer_type tokens(s, sep);
tokenizer_iterator_type it = tokens.begin();
calc_zone(*it++); //Here if ""
if(has_dst_){
string_type tmp_str = *it++; //Here if "EST5EDT"
calc_rules(tmp_str, *it); //Here if "EST5EDT,M3.5.0/2"
}
}
}}}
The iterator {{{it}}} should be checked against {{{tokens.end()}}}.
Sample code to demonstrate:
{{{
#include <iostream>
#include <boost/date_time/posix_time/posix_time.hpp>
#include <boost/date_time/local_time/local_time.hpp>
int main() {
using namespace boost::local_time;
using namespace boost::posix_time;
try {
std::string badtzstr("EST5EDT");
time_zone_ptr tz;
tz = time_zone_ptr(new posix_time_zone(badtzstr));
}
catch (const std::exception& e) {
std::cout << "passed: " << e.what() << std::endl;
}
return 0;
}
}}}
Results under a checked build:
{{{
Assertion failed: valid_, file
c:/bwaysource/vendor/boost_1_40_0\boost/token_iterator.hpp, line 51
This application has requested the Runtime to terminate it in an unusual
way.
Please contact the application's support team for more information.
}}}
A workaround is to scan for non-digits, digits, non-digits up to the end
of string or first comma, and if matched, only construct the timezone if
the string contains at least two commas (otherwise just check that the
string is non-empty).
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/4154> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:03 UTC