This is the mail archive of the gcc-prs@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

libstdc++/7961: compare( char *) implemented incorrectly.


>Number:         7961
>Category:       libstdc++
>Synopsis:       compare( char *) implemented incorrectly.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 17 20:36:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     john.carter@tait.co.nz
>Release:        gcc-3.1.1
>Organization:
>Environment:
All.
>Description:
In bits/basic_string.h

  template<typename _CharT, typename _Traits, typename _Alloc>
    inline bool
    operator==(const basic_string<_CharT, _Traits, _Alloc>& __lhs,
	       const _CharT* __rhs)
    { return __lhs.compare(__rhs) == 0; }

Which invokes in bits/basic_string.tc....

  template<typename _CharT, typename _Traits, typename _Alloc>
    int
    basic_string<_CharT, _Traits, _Alloc>::
    compare(const _CharT* __s) const
    {
      size_type __size = this->size();
      int __r = traits_type::compare(_M_data(), __s, __size);
      if (!__r)
	__r = __size - traits_type::length(__s);
      return __r;
    }

Which invokes ...

bits/char_traits.h

      static int 
      compare(const char_type* __s1, const char_type* __s2, size_t __n)
      { return memcmp(__s1, __s2, __n); }
>How-To-Repeat:

So this bit of code can possibly segviolate if it happens to be in the wrong place at the wrong time....

  string lhs( "abc");
  
  lhs.append( '\0', 1);
 
  lhs += "def";

  lhs == "abc"
>Fix:

A correct implementation would be...
  template<typename _CharT, typename _Traits, typename _Alloc>
    int
    basic_string<_CharT, _Traits, _Alloc>::
    compare(const _CharT* __s) const
    {
      size_type __size = this->size();
      size_type __s_size = traits_types::length(__s);
      size_type __min = __size;
      if ( __size  > __s_size) 
        __min = __s_size;

      int __r = traits_type::compare(_M_data(), __s, __min);
      if (!__r)
	__r = __size - _s_size;
       
      return __r;
    }


I haven't checked, but I suspect other code using the mem* functions in char_traits.h may suffer from the same problem.
>Release-Note:
>Audit-Trail:
>Unformatted:


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]