Subject: [Boost-bugs] [Boost C++ Libraries] #7745: text_iarchive crashes on invalid data
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2012-11-28 09:57:25
#7745: text_iarchive crashes on invalid data
-----------------------+----------------------------------------------------
Reporter: anonymous | Type: Bugs
Status: new | Milestone: To Be Determined
Component: None | Version: Boost 1.52.0
Severity: Problem | Keywords:
-----------------------+----------------------------------------------------
The following code randomly triggers an out-of-memory (OOM) condition if the "in"
parameter does not start with a number.
{{{
// Deserializes `out` from the Boost text archive held in the string `in`.
//
// `in` is taken by value (copied) and wrapped in a std::stringstream, and a
// text_iarchive is constructed on that stream. No validation of `in` happens
// here: whatever bytes the caller passes are handed straight to the archive.
//
// Per the backtrace in this report, the large allocation is reached inside the
// text_iarchive constructor (basic_text_iarchive::init -> text_iarchive_impl::load
// of a std::string -> std::string::resize), i.e. before the operator>> below runs.
// NOTE(review): this suggests a string length taken from the stream is used to
// size the buffer without a sanity check - confirm against
// text_iarchive_impl.ipp for the Boost version in use.
//
// Callers that may receive `in` from an untrusted or corrupted source should
// bound and validate it before calling, and should be prepared for
// boost::archive::archive_exception or std::bad_alloc to propagate.
template <typename Type>
void
from_string(const std::string in, Type &out)
{
// In-memory stream over the caller-supplied text.
std::stringstream ss(in);
// Constructing the archive already parses header data from the stream.
boost::archive::text_iarchive ia(ss);
// Load the object under the name "obj" (make_nvp wraps name + reference).
ia >> boost::serialization::make_nvp("obj", out);
}
}}}
This is a Linux box (gcc compiler and libstdc++), so the real allocation starts in
memset, not in new. Here is the backtrace that causes it.
{{{
#0 0x0000003a48c7a203 in memset () from /lib64/libc.so.6
#1 0x0000003fa449cce2 in std::basic_string<char, std::char_traits<char>,
std::allocator<char> >::append(unsigned long, char) () from
/usr/lib64/libstdc++.so.6
#2 0x00002aaaaab03b89 in resize (this=0x7fffffffe3a0, s="")
at /usr/lib/gcc/x86_64-redhat-
linux/4.1.2/../../../../include/c++/4.1.2/bits/basic_string.h:629
#3
boost::archive::text_iarchive_impl<boost::archive::text_iarchive>::load (
this=0x7fffffffe3a0, s="") at
./boost/archive/impl/text_iarchive_impl.ipp:55
#4 0x00002aaaaab03c44 in load_primitive<boost::archive::text_iarchive,
std::basic_string<char, std::char_traits<char>, std::allocator<char> > >
(this=0x2aab59734fb0)
at ./boost/archive/detail/iserializer.hpp:107
#5 invoke<std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at ./boost/archive/detail/iserializer.hpp:338
#6 invoke<std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at ./boost/archive/detail/iserializer.hpp:415
#7 load<boost::archive::text_iarchive, std::basic_string<char,
std::char_traits<char>, std::allocator<char> > > (this=0x2aab59734fb0) at
./boost/archive/detail/iserializer.hpp:554
#8 load_override<std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at ./boost/archive/detail/common_iarchive.hpp:61
#9 load_override<std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at ./boost/archive/basic_text_iarchive.hpp:62
#10 load_override<std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at ./boost/archive/text_iarchive.hpp:66
#11 operator>><std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (
this=0x2aab59734fb0) at
./boost/archive/detail/interface_iarchive.hpp:61
#12
boost::archive::basic_text_iarchive<boost::archive::text_iarchive>::init (
this=0x2aab59734fb0) at
./boost/archive/impl/basic_text_iarchive.ipp:50
#13 0x00002aaaaab03fb8 in
boost::archive::text_iarchive_impl<boost::archive::text_iarchive>::text_iarchive_impl
(this=0x7fffffffe3a0, is=<value optimized out>, flags=0)
at ./boost/archive/impl/text_iarchive_impl.ipp:123
#14 0x000000000043fe16 in boost::archive::text_iarchive::text_iarchive
(this=0x7fffffffe3a0,
is_=..., flags=0) at /usr/include/boost/archive/text_iarchive.hpp:115
#15 0x0000000000440549 in from_string<log_info_t>
}}}
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/7745> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.