This is the mail archive of the
mailing list for the GCC project.
Re: Fix writing beyond array bounds in codecvt/unshift/char/1.cc
On 22 April 2010 15:12, Alexander Monakov wrote:
>> But now when c_lit+size is passed to cvt->in() and cvt->out() it will
>> be too large.
> Sorry, I do not agree. ?Those are past-the-end iterators used to define a
> sequence [c_lit, c_lit+size) (right end not inclusive) and must be legal.
> Or am I missing something?
Yes, you're missing that c_lit+strlen(c_lit) is already past-the-end,
i.e. it points to the nul terminator in the last element of c_lit.
If you pass c_lit+strlen(c_lit)+1 then that is one past the nul
terminator, and so codecvt::in will try to read the nul, which is not