September 26, 2005 Bug in std.string - find(char []s, char []sub)

find( char []s,char[]sub) does not check to see if the length of s is less than sub.

find() will return a random value or crash the application.

=========================================
private import std.stdio;
private import std.string;

int main()
{
    char [] st1 = "hi";
    int i = find(st1,"hello");
    writefln("i= ",i);
    return 0;
}

September 26, 2005 Re: Bug in std.string - find(char []s, char []sub)

Posted in reply to dickl

dickl wrote:
> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
>
> find() will return a random value or crash the application.
>
> =========================================
> private import std.stdio;
> private import std.string;
>
> int main()
> {
> char [] st1 = "hi";
> int i = find(st1,"hello");
> writefln("i= ",i);
> return 0;
> }
I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?

September 26, 2005 Re: Bug in std.string - find(char []s, char []sub)

Posted in reply to zwang

zwang wrote:
> dickl wrote:
>
>> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
>>
>> find() will return a random value or crash the application.
>>
>> =========================================
>> private import std.stdio;
>> private import std.string;
>>
>> int main()
>> {
>> char [] st1 = "hi";
>> int i = find(st1,"hello");
>> writefln("i= ",i);
>> return 0;
>> }
>
>
> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
I'm using 1.33 but it probably occurs in earlier versions.
the problem is with this line in find()
size_t imax = s.length - sublength + 1;
if s.length is < sublength then imax can become a very large number since it is unsigned. Causing
char *p = memchr(&s[i], c, imax - i);
to access memory well beyond s[].
The above example doesn't crash but will return a value of something other than -1.
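
The wraparound described in the post above, as an added C example that is not part of the thread and is not the Phobos source: `imax_unchecked` reproduces only the quoted arithmetic without reading memory, and `find_checked` is a hypothetical hardened search. The function names, the constructed inputs and the choice to return 0 for an empty substring are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The bound exactly as quoted in the thread. size_t is unsigned, so the
   subtraction wraps when s_len < sub_len. Arithmetic only, no memory read. */
static size_t imax_unchecked(size_t s_len, size_t sub_len)
{
    return s_len - sub_len + 1;
}

/* Hypothetical hardened search: compare the lengths before subtracting.
   Returns the index of the first match, or -1 if there is none. */
static ptrdiff_t find_checked(const char *s, size_t s_len,
                              const char *sub, size_t sub_len)
{
    if (sub_len == 0)
        return 0;                 /* assumption: empty needle matches at 0 */
    if (s_len < sub_len)
        return -1;                /* the check the thread says is missing */

    size_t imax = s_len - sub_len + 1;    /* cannot wrap after the guard */
    for (size_t i = 0; i < imax; i++) {
        /* memchr only sees the imax - i bytes where a match can still start */
        const char *p = memchr(s + i, sub[0], imax - i);
        if (p == NULL)
            return -1;
        i = (size_t)(p - s);
        if (memcmp(p, sub, sub_len) == 0)
            return (ptrdiff_t)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs; the first pair mirrors the thread's "hi"/"hello". */
    printf("unchecked imax: %zu\n", imax_unchecked(2, 5));
    printf("checked find:   %td\n", find_checked("hi", 2, "hello", 5));
    printf("checked find:   %td\n", find_checked("say hello", 9, "hello", 5));
    return 0;
}
```

With a signed `imax`, as in the versions before the regression, the same subtraction yields a negative bound and the loop never runs; with `size_t` the bound passed to `memchr` is close to `SIZE_MAX`.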

September 26, 2005 Re: Bug in std.string - find(char []s, char []sub)

Posted in reply to dickl

dickl wrote:
> zwang wrote:
>
>> dickl wrote:
>>
>>> find( char []s,char[]sub) does not check to see if the length of s is less than sub.
>>>
>>> find() will return a random value or crash the application.
>>>
>>> =========================================
>>> private import std.stdio;
>>> private import std.string;
>>>
>>> int main()
>>> {
>>> char [] st1 = "hi";
>>> int i = find(st1,"hello");
>>> writefln("i= ",i);
>>> return 0;
>>> }
>>
>>
>>
>> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
>
>
> I'm using 1.33 but it probably occurs in earlier versions.
> the problem is with this line in find()
>
> size_t imax = s.length - sublength + 1;
>
> if s.length is < sublength then imax can become a very large number since it is unsigned. Causing
>
> char *p = memchr(&s[i], c, imax - i);
>
> to access memory well beyond s[].
>
> The above example doesn't crash but will return a value of something other than -1.
Confirmed. This is a bug introduced in dmd 0.133.
In previous versions, imax is of type int.

September 30, 2005 Re: Bug in std.string - find(char []s, char []sub)

Posted in reply to zwang

zwang wrote:
> dickl wrote:
>> I'm using 1.33 but it probably occurs in earlier versions.
>> the problem is with this line in find()
>>
>> size_t imax = s.length - sublength + 1;
>>
>> if s.length is < sublength then imax can become a very large number since it is unsigned. Causing
>>
>> char *p = memchr(&s[i], c, imax - i);
>>
>> to access memory well beyond s[].
>>
>> The above example doesn't crash but will return a value of something other than -1.
>
>
> Confirmed. This is a bug introduced in dmd 0.133.
> In previous versions, imax is of type int.

Confirmed too. Walter, can you please fix this? My thesis doesn't work because of this...

--
Carlos Santander Bernal