Martin Sebor
Tue, 04 Jul 2006 16:06:40 -0700
Farid Zaripov wrote:
I found that the rw_match function can address to the memory after the end of the string buffer.It calls __rw_get_char to get the last character and this function reads a character after the end of the string buffer:char.cpp line 534: if ('<' == char (ch) && 'U' == src [0] && isxdigit (src [1])) { char.cpp line 548: if ('@' == src [0] && isdigit (src [1])) { src [0] - is the place of the fail.
Hmm, that does look like a subtle bug in rw_match(). Let me look into how best to fix it.
I attached the test to illustrate this problem, but it will work on MSVC/Windows platform only (used MSVC specific keywords).
Cool! This type of a test would be useful in general (AFAIK, this idea is behind Electric Fence). How about abstracting this into a function that would let do the same thing in a portable way? Martin