It appears that recent changes to string have accidentally removed some
overflow checking that used to be in the basic_string::append() and
push_back() methods. The following patch adds the checks back in.
Travis
2007-09-20 Travis Vitek <[EMAIL PROTECTED]>
* string (append): add integer overflow check
(push_back): Same
===================================================================
--- string (revision 576541)
+++ string (working copy)
@@ -1088,6 +1088,11 @@
inline void basic_string<_CharT, _Traits, _Allocator>::
push_back (value_type __c)
{
+ _RWSTD_REQUIRES (size () <= max_size () - 1,
+ (_RWSTD_ERROR_LENGTH_ERROR,
+ _RWSTD_FUNC ("basic_string::append(value_type)"),
+ size (), max_size () - 1));
+
const size_type __size = size () + 1;
if ( capacity () < __size
@@ -1095,7 +1100,6 @@
append (1, __c);
else {
traits_type::assign (_C_data [size ()], __c);
- // append the terminating NUL character
traits_type::assign (_C_data [__size], value_type ());
_C_pref ()->_C_size._C_size = __size;
}
@@ -1196,6 +1200,12 @@
basic_string<_CharT, _Traits, _Allocator>::
append (const_pointer __s, size_type __n)
{
+ _RWSTD_REQUIRES (size () <= max_size () - __n,
+ (_RWSTD_ERROR_LENGTH_ERROR,
+ _RWSTD_FUNC
("basic_string::append(const_pointer,"
+ " size_type)"),
+ size (), max_size () - __n));
+
const size_type __newsize = size () + __n;
if ( capacity () <= __newsize
