Subject: [Boost-bugs] [Boost C++ Libraries] #11536: string_ref::substr length overflow
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2015-08-12 16:54:15
#11536: string_ref::substr length overflow
------------------------------+---------------------------
Reporter: bibmaster@… | Owner: no-maintainer
Type: Bugs | Status: new
Milestone: To Be Determined | Component: utility
Version: | Severity: Problem
Keywords: |
------------------------------+---------------------------
basic_string_ref::substr returns invalid object in some cases:
{{{#!C++
string_ref s1("hello");
string_ref s2 = s1.substr(0, string_ref::npos - 1);
// EXPECT s2.size() <= s1.size()
}}}
version with overflow check:
{{{#!C++
basic_string_ref substr(size_type pos, size_type n=npos) const {
...
// add overflow check: pos + n < n
if ( n == npos || pos + n > size() || pos + n < n )
n = size () - pos;
...
}}}
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/11536> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:18 UTC