[
https://issues.apache.org/jira/browse/THRIFT-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jens Geyer updated THRIFT-6027:
-------------------------------
Description:
The {{str_to_id}} function in {{t_markdown_generator.cc}} used {{chr<=s.end()}}
as the loop termination condition, causing the loop body to execute when {{chr
== s.end()}}. Dereferencing the end iterator is undefined behaviour and
triggers an STL assertion in debug builds ({{_GLIBCXX_DEBUG}}).
The loop also contained a dead {{*chr == 0}} check — a C-string-style
null-terminator guard that can never be true for a {{std::string}} iterator.
This causes the compiler to abort with an assertion failure whenever
{{str_to_id}} is called (i.e. on every invocation of {{--gen markdown}}) when
built in debug mode.
Fix: rewrite the loop as a range-for, eliminating both issues.
Also adds {{\-\-gen markdown}} to the {{check-local}} target in
{{test/Makefile.am}} so the generator is smoke-tested as part of the autotools
CI run, matching the existing {{--gen html}} test.
was:
The {{str_to_id}} function in {{t_markdown_generator.cc}} used {{chr<=s.end()}}
as the loop termination condition, causing the loop body to execute when {{chr
== s.end()}}. Dereferencing the end iterator is undefined behaviour and
triggers an STL assertion in debug builds ({{_GLIBCXX_DEBUG}}).
The loop also contained a dead {{*chr == 0}} check — a C-string-style
null-terminator guard that can never be true for a {{std::string}} iterator.
This causes the compiler to abort with an assertion failure whenever
{{str_to_id}} is called (i.e. on every invocation of {{--gen markdown}}) when
built in debug mode.
Fix: rewrite the loop as a range-for, eliminating both issues.
Also adds {{--gen markdown}} to the {{check-local}} target in
{{test/Makefile.am}} so the generator is smoke-tested as part of the autotools
CI run, matching the existing {{--gen html}} test.
> Fix UB/assertion in t_markdown_generator::str_to_id (debug build crash)
> -----------------------------------------------------------------------
>
> Key: THRIFT-6027
> URL: https://issues.apache.org/jira/browse/THRIFT-6027
> Project: Thrift
> Issue Type: Bug
> Components: Markdown - Compiler
> Reporter: Jens Geyer
> Assignee: Jens Geyer
> Priority: Major
> Fix For: 0.24.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The {{str_to_id}} function in {{t_markdown_generator.cc}} used
> {{chr<=s.end()}} as the loop termination condition, causing the loop body to
> execute when {{chr == s.end()}}. Dereferencing the end iterator is undefined
> behaviour and triggers an STL assertion in debug builds ({{_GLIBCXX_DEBUG}}).
> The loop also contained a dead {{*chr == 0}} check — a C-string-style
> null-terminator guard that can never be true for a {{std::string}} iterator.
> This causes the compiler to abort with an assertion failure whenever
> {{str_to_id}} is called (i.e. on every invocation of {{--gen markdown}}) when
> built in debug mode.
> Fix: rewrite the loop as a range-for, eliminating both issues.
> Also adds {{\-\-gen markdown}} to the {{check-local}} target in
> {{test/Makefile.am}} so the generator is smoke-tested as part of the
> autotools CI run, matching the existing {{--gen html}} test.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
