[Boost-bugs] [Boost C++ Libraries] #11536: string_ref::substr length overflow

Subject: [Boost-bugs] [Boost C++ Libraries] #11536: string_ref::substr length overflow
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2015-08-12 16:54:15


#11536: string_ref::substr length overflow
------------------------------+---------------------------
 Reporter: bibmaster@… | Owner: no-maintainer
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: utility
  Version: | Severity: Problem
 Keywords: |
------------------------------+---------------------------
 basic_string_ref::substr returns invalid object in some cases:
 {{{#!C++
 string_ref s1("hello");
 string_ref s2 = s1.substr(0, string_ref::npos - 1);
 // EXPECT s2.size() <= s1.size()
 }}}
 version with overflow check:
 {{{#!C++
 basic_string_ref substr(size_type pos, size_type n=npos) const {
             ...
             // add overflow check: pos + n < n
             if ( n == npos || pos + n > size() || pos + n < n )
                 n = size () - pos;
             ...
 }}}

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/11536>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:18 UTC