Bug in datatest.cpp and workaround
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Bug in datatest.cpp and workaround
by trungantran
::
Rate this Message:
Compiler: g++ STL Platform: STLPort(with debug mode turned on) I got these error messages when running "cryptest v": c:/mingw/include/stlport/stl/debug/_string.h(226): STL error : Index out of bounds c:/mingw/include/stlport/stl/debug/_string.h(226): STL assertion failure: __n < this->size() The source of this problem is a bug in the implementation of "PutDecodedDatumInto": void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target) { std::string s1 = GetRequiredDatum(data, name), s2; while (!s1.empty()) { while (s1[0] == ' ') //<-- Bug is here s1 = s1.substr(1); ... } } It's obvious that if s1 is empty, "s1[0]" will be an invalid read because 0 == s1.size() (According to C++ standard, index is valid only if its value is less than the length of string). The workaround is to change: while (s1[0] == ' ') s1 = s1.substr(1); to: while (s1[0] == ' ') { s1 = s1.substr(1); if (s1.empty()) return; //avoid invalid read if s1 is empty } Note: 1. This bug makes many tests failed because datum of some fields ends with a space character ("MAC" field in authenticated-symmetric cipher test for e.g). 2. To reproduce this bug with other compiler/STL platform (MSVC/ Dinkumware for e.g), just replace "s1[0]" with "s1.at(0)" (because std::string::operator[ ] doesnt check whether index is valid) and you will get the "std::out_of_range" exception (MSVC/Dinkumware will produce "invalid string position" error messages). Regards, An --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscribe@.... More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~--- |
|
|
Re: Bug in datatest.cpp and workaround
by Wei Dai
::
Rate this Message:
Thanks, I've checked in your fix. -------------------------------------------------- From: "trungantran" <trantrungan@...> Sent: Thursday, June 18, 2009 11:11 AM To: "Crypto++ Users" <cryptopp-users@...> Subject: Bug in datatest.cpp and workaround > > Compiler: g++ > STL Platform: STLPort(with debug mode turned on) > > I got these error messages when running "cryptest v": > > c:/mingw/include/stlport/stl/debug/_string.h(226): STL error : Index > out of bounds > c:/mingw/include/stlport/stl/debug/_string.h(226): STL assertion > failure: __n < this->size() > > The source of this problem is a bug in the implementation of > "PutDecodedDatumInto": > > void PutDecodedDatumInto(const TestData &data, const char *name, > BufferedTransformation &target) > { > std::string s1 = GetRequiredDatum(data, name), s2; > > while (!s1.empty()) > { > while (s1[0] == ' ') //<-- Bug is here > s1 = s1.substr(1); > ... > } > } > > It's obvious that if s1 is empty, "s1[0]" will be an invalid read > because 0 == s1.size() (According to C++ standard, index is valid only > if its value is less than the length of string). > > The workaround is to change: > while (s1[0] == ' ') > s1 = s1.substr(1); > > to: > while (s1[0] == ' ') { > s1 = s1.substr(1); > if (s1.empty()) > return; //avoid invalid read if s1 is empty > } > > Note: > 1. This bug makes many tests failed because datum of some fields ends > with a space character ("MAC" field in authenticated-symmetric cipher > test for e.g). > > 2. To reproduce this bug with other compiler/STL platform (MSVC/ > Dinkumware for e.g), just replace "s1[0]" with "s1.at(0)" (because > std::string::operator[ ] doesnt check whether index is valid) and you > will get the "std::out_of_range" exception (MSVC/Dinkumware will > produce "invalid string position" error messages). > > Regards, > An > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscribe@.... More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~--- |
| Free embeddable forum powered by Nabble | Forum Help |
