[Bug libstdc++/54392] [4.6/4.7/4.8 Regression] std::string::assign() fails to update length
paolo.carlini at oracle dot com
gcc-bugzilla@gcc.gnu.org
Wed Aug 29 15:29:00 GMT 2012
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54392
--- Comment #9 from Paolo Carlini <paolo.carlini at oracle dot com> 2012-08-29 15:28:45 UTC ---
Ok, I see. The problem is that when the source is inside the destination, we
may be copying one more char, the final '\0', than the current size and
overflow the allocated memory. We need reallocation in this case too. But we
can't just follow the path of _M_replace_safe, because it deallocates the
source! This case is harder to fix than the empty rep special case.
More information about the Gcc-bugs
mailing list