|
|
Boost Users : |
From: Todd Greer (TGreer_at_[hidden])
Date: 2006-07-26 14:00:44
Hi,
While developing skip_xml_iarchive, I noticed to bugs in
basic_xml_iarchive::load_end().
1. The sense of the check of the flags against no_xml_tag_checking is
reversed. By default, checking of xml tag names is not done, contrary to
the documentation. If no_xml_tag_checking is passed in as a flag, tag
checking is enabled.
2. If tag checking is enabled, and a tag name is encountered that is
longer than the name passed in, the name string is accessed past the end
of the array. In the expression
"name[this->This()->gimpl->rv.object_name.size()]", the index is the
size of the encountered name, and could be arbitrarily large.
The relevant portion of basic_xml_iarchive::load_end() is included here:
if(0 != (this->get_flags() & no_xml_tag_checking)){
if(0 != name[this->This()->gimpl->rv.object_name.size()]
|| ! std::equal(
this->This()->gimpl->rv.object_name.begin(),
this->This()->gimpl->rv.object_name.end(),
name
)
My recommended fix for (1) would be to change no_xml_tag_checking to
check_xml_tags, and to change the documentation to reflect this. While
the more obvious solution would be to simply fix the comparison, this
would introduce a silent behavioral change. My recommended fix will fail
to compile for those that have specified no_xml_tag_checking, thus
alerting them to the change.
My recommended fix for (2) is to replace the excerpted code with:
if(0 != (this->get_flags() & check_xml_tags) && rv.object_name != name)
The Boost FAQ recommends posting bug reports to the mailing list. Let me
know if you would like for me to submit this to the bug repository.
-- Todd Greer <tgreer <at> affinegy dot com> Senior Software Developer, Affinegy LLC
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net