
Boost Users :

From: Robert Ramey (ramey_at_[hidden])
Date: 2005-11-26 11:30:36


What happens if you try the following changes?

__PPS__ wrote:
> in the simplest case std::string is serialized this way:
> length|string data.
> in this case it's possible to feed invalid data to the deserialization
> function so that the application stalls waiting for the os to reserve a huge
> pile of ram, or fails with bad_alloc.
> this invalid data could be intentionally manually edited, or as well it
> could be the case where you serialize ints and then try to deserialize the
> data as strings (or whatever else).
> isn't it possible to have archives that somehow check the size of the
> available stream data (e.g. for stringstream), or archives that are
> initialized with a data pointer and the size of the data pointed to by
> that pointer, or maybe something else?
>
> here's a complete example that shows such problem in action
>
> /////////////////////////////
>
> #include <iostream>
> #include <fstream>
> #include <string>
> #include <ctime>
> #include <boost/archive/text_oarchive.hpp>
> #include <boost/archive/binary_iarchive.hpp>
> #include <boost/serialization/string.hpp> /// change here
>
> using namespace std;
> using namespace boost::archive;
>
> int main() try {
>     string s1 = "Hello world!", s2;
>     {
>         // write the string with a text archive (no header)
>         ofstream file("data.txt", ios::binary | ios::trunc);
>         text_oarchive a(file, no_header);
>         a << s1;
>     }
>     time_t t(time(0));
>     {
>         // read the same bytes back as a binary archive
>         ifstream file("data.txt", ios::binary);
>         binary_iarchive a(file, no_header);
>         a >> s2;
>     }
>     cout << "time elapsed: " << (time(0) - t) << "s" << endl;
>     cout << "s2.size() => " << s2.size() << "\n"
>             "s2 => \"" << s2.substr(0, 64) << "...\"" << endl;
> } catch (const exception& e) {
>     cout << "error: " << e.what() << endl;
> }
>
>
> /////////////////////////////
>
> and the output I got on win xp:
> time elapsed: 110s
> s2.size() => 1210069553
> s2 => "ello world!
> ..."
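As an added illustration of the check the quoted post asks for (not code from the post, the reply, or Boost itself), the reader below uses a constructed 32-bit little-endian "length|string data" format and refuses a prefix that claims more bytes than the stream actually holds, before allocating anything. Reading the text archive's first four bytes "12 H" as such a prefix gives exactly 1210069553, the s2.size() the post reports, which is what the bounds check catches.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Constructed wire format for this example: 32-bit little-endian length
// prefix, then the string bytes (not Boost's own archive encoding).
std::string write_string(const std::string& s) {
    const std::uint32_t len = static_cast<std::uint32_t>(s.size());
    std::string rec;
    for (int i = 0; i < 4; ++i)
        rec.push_back(static_cast<char>((len >> (8 * i)) & 0xFF));
    return rec + s;
}

// Decodes the 4-byte prefix at buf[pos..pos+3]. For the text archive's
// "12 Hello world!" this yields 1210069553, the size the post reports.
std::uint32_t le32_at(const std::string& buf, std::size_t pos) {
    std::uint32_t v = 0;
    for (int i = 0; i < 4; ++i)
        v |= static_cast<std::uint32_t>(static_cast<unsigned char>(buf[pos + i])) << (8 * i);
    return v;
}

// Reads one record at pos. The claimed length is compared with the bytes
// actually present before any allocation happens, which is the check the
// post asks archives to perform. Throws std::length_error on a bad prefix.
std::string read_string_checked(const std::string& buf, std::size_t& pos) {
    if (pos > buf.size() || buf.size() - pos < 4)
        throw std::length_error("truncated length prefix");
    const std::uint32_t len = le32_at(buf, pos);
    pos += 4;
    if (len > buf.size() - pos)
        throw std::length_error("length prefix exceeds available stream data");
    std::string out(buf, pos, len);
    pos += len;
    return out;
}

// Reports the outcome as text so the rejection path is easy to see:
// "ok:<data>" on success, "rejected:<reason>" when the prefix is refused.
std::string decode_outcome(const std::string& rec) {
    std::size_t pos = 0;
    try {
        return "ok:" + read_string_checked(rec, pos);
    } catch (const std::length_error& e) {
        return std::string("rejected:") + e.what();
    }
}
```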


Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net