It appears that recent changes to string have accidentally removed some overflow checking that used to be in the basic_string::append() and push_back() methods. The following patch adds the checks back in.
Travis 2007-09-20 Travis Vitek <[EMAIL PROTECTED]> * string (append): add integer overflow check (push_back): Same =================================================================== --- string (revision 576541) +++ string (working copy) @@ -1088,6 +1088,11 @@ inline void basic_string<_CharT, _Traits, _Allocator>:: push_back (value_type __c) { + _RWSTD_REQUIRES (size () <= max_size () - 1, + (_RWSTD_ERROR_LENGTH_ERROR, + _RWSTD_FUNC ("basic_string::append(value_type)"), + size (), max_size () - 1)); + const size_type __size = size () + 1; if ( capacity () < __size @@ -1095,7 +1100,6 @@ append (1, __c); else { traits_type::assign (_C_data [size ()], __c); - // append the terminating NUL character traits_type::assign (_C_data [__size], value_type ()); _C_pref ()->_C_size._C_size = __size; } @@ -1196,6 +1200,12 @@ basic_string<_CharT, _Traits, _Allocator>:: append (const_pointer __s, size_type __n) { + _RWSTD_REQUIRES (size () <= max_size () - __n, + (_RWSTD_ERROR_LENGTH_ERROR, + _RWSTD_FUNC ("basic_string::append(const_pointer," + " size_type)"), + size (), max_size () - __n)); + const size_type __newsize = size () + __n; if ( capacity () <= __newsize
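Review bot: The `_RWSTD_FUNC` string in the check added to push_back names `basic_string::append(value_type)`, so a length error raised here would be attributed to the wrong member in the diagnostic. It should read `_RWSTD_FUNC ("basic_string::push_back(value_type)")`. The bound itself, `size () <= max_size () - 1`, cannot wrap as long as max_size() is at least 1. The body of push_back continues past the end of this hunk.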
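Review bot: In the check added to append(const_pointer, size_type), `max_size () - __n` is computed in the unsigned size_type, so it wraps to a large value whenever __n is greater than max_size(). The requirement then passes and the following `size () + __n` can still overflow, which is exactly the case the check is meant to reject. Putting the subtraction on the side that cannot wrap avoids this: `_RWSTD_REQUIRES (__n <= max_size () - size (), ...)`, with the reported operands changed to `__n, max_size () - size ()`. This relies on size() never exceeding max_size(), which the class presumably already guarantees. The function body continues beyond the hunk.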