Subject: [Boost-bugs] [Boost C++ Libraries] #10134: segfault -- basic_oarchive does not check class name against BOOST_SERIALIZATION_MAX_KEY_SIZE
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2014-06-19 20:06:37
#10134: segfault -- basic_oarchive does not check class name against
BOOST_SERIALIZATION_MAX_KEY_SIZE
------------------------------+---------------------------
Reporter: schnetter@… | Owner: ramey
Type: Bugs | Status: new
Milestone: To Be Determined | Component: serialization
Version: Boost 1.55.0 | Severity: Problem
Keywords: |
------------------------------+---------------------------
The class serialization/basic_oarchive, in the routine save_pointer, does
not check the class name against BOOST_SERIALIZATION_MAX_KEY_SIZE.
However, basic_iarchive expects that the class name in the archive is
shorter than BOOST_SERIALIZATION_MAX_KEY_SIZE (see line 441 in
serialization/basic_iarchive.cpp).
I believe the correct solution is to ensure that only short enough keys
are used as class name. This corresponds to code found in
serialization/example/portable_binary_iarchive.cpp, which aborts on keys
that are too long.
I propose the patch below to resolve this. Alternatively, or in addition,
a similar check could be added to basic_iarchive when reading keys from an
archive.
{{{
--- a/libs/serialization/src/basic_oarchive.cpp
+++ b/libs/serialization/src/basic_oarchive.cpp
@@ -331,6 +331,12 @@
// makes a copy when passing a non-const to a
const. This
// is permitted by the standard but rarely seen in
practice
const class_name_type cn(key);
+ if(cn.size() > (BOOST_SERIALIZATION_MAX_KEY_SIZE -
1))
+ boost::serialization::throw_exception(
+ boost::archive::archive_exception(
+ boost::archive::archive_exception::
+ invalid_class_name)
+ );
// write out the external class identifier
ar.vsave(cn);
}
}}}
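Review bot: The size test added after "const class_name_type cn(key);" only protects archives written through this code path. An archive produced elsewhere still reaches basic_iarchive with whatever key length it carries, so the reader-side check mentioned in the ticket text should go in together with this one rather than as an alternative. Two smaller points on the same lines: the multi-line if has no braces around the throw_exception call, and the "- 1" deserves a short comment naming the limit in basic_iarchive that it mirrors.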
In addition, this patch could be added to the macro that generates keys
from class names:
{{{
--- a/boost/serialization/export.hpp
+++ b/boost/serialization/export.hpp
@@ -175,6 +175,7 @@
struct guid_defined< T > : boost::mpl::true_ {}; \
template<> \
inline const char * guid< T >(){ \
+ BOOST_ASSERT(BOOST_SERIALIZATION_MAX_KEY_SIZE >= sizeof K); \
return K; \
} \
} /* serialization */ \
}}}
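Review bot: BOOST_ASSERT inside guid< T >() is a run-time check that by default disappears when NDEBUG is defined, yet both operands are compile-time constants, so a static assertion (for example BOOST_STATIC_ASSERT) would reject an over-long key at compile time in every build. Also, "sizeof K" measures the string only when K is a string literal or char array; if a const char * expression is passed it yields the pointer size and the check silently passes, so the macro documentation should state that K must be a literal, and the operand is better written as sizeof(K).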
--
Ticket URL: <https://svn.boost.org/trac/boost/ticket/10134>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
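The reader-side check that the ticket mentions as an alternative, next to the writer-side bound from the patch, as an added example that is not part of the original ticket and is not Boost code. The 1-byte length prefix, the function names, the fixed buffer and kMaxKeySize (a stand-in for BOOST_SERIALIZATION_MAX_KEY_SIZE) are assumptions made for illustration.

```cpp
// Added illustration, not Boost code: record layout, names and limit are assumptions.
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>

const std::size_t kMaxKeySize = 128; // stand-in for BOOST_SERIALIZATION_MAX_KEY_SIZE

struct invalid_class_name : std::runtime_error {
    invalid_class_name() : std::runtime_error("class name too long") {}
};

// Writer: refuse keys the reader could not hold (same bound as the proposed patch).
void save_class_name(std::string &archive, const std::string &key) {
    if (key.size() > kMaxKeySize - 1) throw invalid_class_name();
    archive.push_back(static_cast<char>(key.size())); // 1-byte length prefix
    archive.append(key);
}

// Reader: validate the stored length before copying into the fixed buffer,
// because the archive may not have been produced by save_class_name().
std::string load_class_name(const std::string &archive, std::size_t &pos) {
    if (pos >= archive.size()) throw std::runtime_error("truncated archive");
    const std::size_t len = static_cast<unsigned char>(archive[pos]);
    if (len > kMaxKeySize - 1) throw invalid_class_name();
    if (len > archive.size() - pos - 1) throw std::runtime_error("truncated archive");
    char key[kMaxKeySize];
    std::memcpy(key, archive.data() + pos + 1, len);
    key[len] = '\0';
    pos += 1 + len;
    return std::string(key, len);
}

// Helpers so each outcome can be checked by a caller.
std::string round_trip(const std::string &key) {
    std::string archive;
    save_class_name(archive, key);
    std::size_t pos = 0;
    return load_class_name(archive, pos);
}
bool save_rejects(const std::string &key) {
    try { round_trip(key); } catch (const invalid_class_name &) { return true; }
    return false;
}
bool load_rejects(const std::string &archive) {
    std::size_t pos = 0;
    try { load_class_name(archive, pos); } catch (const invalid_class_name &) { return true; }
    return false;
}
```

With only the writer-side check, the last helper's input (an archive whose stored length exceeds the limit) would be copied into the fixed buffer unchecked.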