Bug in std.string - find(char []s, char []sub)
September 26, 2005
find( char []s,char[]sub) does not check to see if the length of s is less than sub.

find() will return a random value or crash the application.

=========================================
private import std.stdio;
private import std.string;

int main()
{
    char [] st1 = "hi";
    int i = find(st1,"hello");
    writefln("i= ",i);
    return 0;
}
September 26, 2005
dickl wrote:
> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
> 
> find() will return a random value or crash the application.
> 
> =========================================
> private import std.stdio;
> private import std.string;
> 
> int main()
> {
>     char [] st1 = "hi";
>     int i = find(st1,"hello");
>     writefln("i= ",i);
>     return 0;
> }

I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
September 26, 2005
zwang wrote:
> dickl wrote:
> 
>> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
>>
>> find() will return a random value or crash the application.
>>
>> =========================================
>> private import std.stdio;
>> private import std.string;
>>
>> int main()
>> {
>>     char [] st1 = "hi";
>>     int i = find(st1,"hello");
>>     writefln("i= ",i);
>>     return 0;
>> }
> 
> 
> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?

I'm using 1.33 but it probably occurs in earlier versions.
The problem is with this line in find():

   size_t imax = s.length - sublength + 1;

If s.length is < sublength then imax can become a very large number since it is unsigned, causing

	char *p = memchr(&s[i], c, imax - i);

to access memory well beyond s[].

The above example doesn't crash but will return a value of something other than -1.
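The unsigned wraparound described in the post above, and the length check that prevents it, as an added C example (not Phobos code and not written by anyone in this thread); `imax_unchecked` and `find_checked` are names chosen here, and the search loop is assumed to mirror the memchr/memcmp structure of the D1 find() being discussed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* imax as the unchecked find() computes it. With slen = 2 ("hi") and
 * sublen = 5 ("hello") the size_t subtraction cannot go negative and
 * wraps to SIZE_MAX - 1, which then becomes the memchr length. */
size_t imax_unchecked(size_t slen, size_t sublen)
{
    return slen - sublen + 1;
}

/* Hardened search with the missing check in front. Assumption: the loop
 * below follows the same memchr/memcmp shape as the D1 std.string.find
 * quoted in the thread; it is not the Phobos source itself.
 * Returns the index of the first match, or -1 if sub is not in s. */
long find_checked(const char *s, size_t slen, const char *sub, size_t sublen)
{
    if (sublen == 0)
        return 0;
    if (slen < sublen)                 /* the check the buggy version lacks */
        return -1;
    size_t imax = slen - sublen + 1;   /* now >= 1, so no wraparound */
    char c = sub[0];
    for (size_t i = 0; i < imax; i++) {
        /* memchr is bounded by imax - i, which stays within s[] */
        const char *p = memchr(s + i, c, imax - i);
        if (!p)
            break;
        i = (size_t)(p - s);
        /* the remaining sublen - 1 bytes end exactly at s[slen - 1] at most */
        if (memcmp(p + 1, sub + 1, sublen - 1) == 0)
            return (long)i;
    }
    return -1;
}

int main(void)
{
    printf("unchecked imax for \"hi\"/\"hello\": %zu\n", imax_unchecked(2, 5));
    printf("find(\"hi\", \"hello\")        = %ld\n", find_checked("hi", 2, "hello", 5));
    printf("find(\"say hello\", \"hello\") = %ld\n", find_checked("say hello", 9, "hello", 5));
    return 0;
}
```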
September 26, 2005
dickl wrote:
> zwang wrote:
> 
>> dickl wrote:
>>
>>> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
>>>
>>> find() will return a random value or crash the application.
>>>
>>> =========================================
>>> private import std.stdio;
>>> private import std.string;
>>>
>>> int main()
>>> {
>>>     char [] st1 = "hi";
>>>     int i = find(st1,"hello");
>>>     writefln("i= ",i);
>>>     return 0;
>>> }
>>
>>
>>
>> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
> 
> 
> I'm using 1.33 but it probably occurs in earlier versions.
> The problem is with this line in find():
> 
>    size_t imax = s.length - sublength + 1;
> 
> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
> 
>     char *p = memchr(&s[i], c, imax - i);
> 
> to access memory well beyond s[].
> 
> The above example doesn't crash but will return a value of something other than -1.

Confirmed. This is a bug introduced in dmd 0.133.
In previous versions, imax is of type int.
September 30, 2005
zwang wrote:
> dickl wrote:
>> I'm using 1.33 but it probably occurs in earlier versions.
>> The problem is with this line in find():
>>
>>    size_t imax = s.length - sublength + 1;
>>
>> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
>>
>>     char *p = memchr(&s[i], c, imax - i);
>>
>> to access memory well beyond s[].
>>
>> The above example doesn't crash but will return a value of something other than -1.
> 
> 
> Confirmed. This is a bug introduced in dmd 0.133.
> In previous versions, imax is of type int.

Confirmed too.
Walter, can you please fix this? My thesis doesn't work because of this...

-- 
Carlos Santander Bernal