Re: [Boost-bugs] [Boost C++ Libraries] #7745: text_iarchive crashes on invalid data

From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2012-12-12 22:28:48


#7745: text_iarchive crashes on invalid data
-------------------------------+--------------------------------------------
  Reporter: anonymous | Owner: ramey
      Type: Patches | Status: new
 Milestone: To Be Determined | Component: serialization
   Version: Boost 1.52.0 | Severity: Problem
Resolution: | Keywords:
-------------------------------+--------------------------------------------

Comment (by Igor Vagulin <ivagulin@…>):

 Yes, the archive was incorrect (it was "**nonexistent-key**";
 redis-cplusplus-client uses it as a mark of a nonexistent key). I expect
 some kind of exception, but I get a program which tries to allocate 2**30
 of RAM. With my patch I get std::bad_alloc. I believe it is much better
 behaviour.

 Maybe my explanation is not very clear. Here is what I get, step by step:

 text_iarchive_impl<Archive>::load(std::string &s){
   // here size set to some junk from stack, in my bad case it was -1
   std::size_t size;
   // libstdc++, gcc4.4 didn't set size, it still ~2**30
   * this->This() >> size;
   is.get();
   // allocation of size set to -1
   s.resize(size);
   ...
 }

 The only downside of this patch I can imagine is the mostly unneeded
 initialization of a variable, but:
 - I wasn't able to measure it
 - The increase in stability outweighs this, in my opinion

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/7745#comment:4>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
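
Added example (not part of the original message and not Boost's code): a standalone C++ loader for a length-prefixed string that initializes the length, checks the stream state after extraction, and bounds the value before allocating. The function names, the kMaxStringLen cap and the "decimal length, one space, payload" layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <istream>
#include <sstream>
#include <stdexcept>
#include <string>

// Hypothetical cap: set it to the largest string the application legitimately stores.
constexpr std::size_t kMaxStringLen = 1u << 20;

// Reads "<decimal length><space><payload>" (assumed layout) from a text stream.
// Throws instead of allocating when the length is unparsed or implausible.
std::string load_string(std::istream &is) {
    std::size_t size = 0;                 // never leave the length indeterminate
    if (!(is >> size))                    // failbit: the input is not a length prefix
        throw std::runtime_error("bad length prefix");
    if (size > kMaxStringLen)             // bound attacker-controlled allocation size
        throw std::runtime_error("length exceeds limit");
    if (is.get() != ' ')                  // exactly one separator before the payload
        throw std::runtime_error("missing separator");
    std::string s(size, '\0');
    if (size != 0 && !is.read(&s[0], static_cast<std::streamsize>(size)))
        throw std::runtime_error("truncated payload");
    return s;
}

// Status-code wrapper: returns false on any rejected input, leaving `out` untouched.
bool try_load(const std::string &input, std::string &out) {
    std::istringstream is(input);
    try {
        out = load_string(is);
        return true;
    } catch (const std::runtime_error &) {
        return false;
    }
}

int main() {
    std::string s;
    // Constructed inputs: one well-formed record and the marker string from the ticket.
    bool ok = try_load("5 hello", s) && s == "hello";
    bool rejected = !try_load("**nonexistent-key**", s);
    return (ok && rejected) ? 0 : 1;
}
```

Checking the stream state matters even with the variable initialized: when extraction fails, the stored value is not a length the sender wrote, so the caller should reject the input rather than proceed with it.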
