Hi!
I think there is a bug in string.cpp in commoncpp2-1.3.12 and
previous versions.
size_t String::setSize(size_t chars)
{
if(chars <= minsize && !isBig())
return minsize;
if(chars <= slotlimit)
{
chars = chars / slotsize;
++chars *= slotsize; //!!! HERE !!!
// if (chars % slotsize == 0) you don't need allocate additional
// slotsize. And in case when length of original string equals 511
// bytes it will core dumped in clear().
}
content.bigstring.size = chars;
return chars;
}
void String::clear(void)
{
char **next;
unsigned slot;
if(!isBig())
goto end;
if(!content.bigstring.text)
goto end;
// the length of origial string equals 511 bytes + '\0' = 512 bytes
// and it allocated from pool not a heap, but due to error in
// setSize getSize() returned 544.
if(getSize() > slotlimit) !!! HERE !!!
{
delete[] content.bigstring.text;
goto end;
}
slot = ((unsigned)getSize() - 1) / slotsize;
next = (char **)content.bigstring.text;
mutex.enterMutex();
*next = idx[slot];
idx[slot] = content.bigstring.text;
setLength(0);
content.bigstring.text = NULL;
mutex.leaveMutex();
end:
init();
return;
}
Patch is attached.
Nick Migel
--- string.cpp 2005-07-01 16:25:09.488375200 +0400
+++ string.cpp.orig 2005-07-01 16:24:40.212825760 +0400
@@ -757,12 +757,11 @@
if(chars <= minsize && !isBig())
return minsize;
- if(chars <= slotlimit)
- {
- size_t slotcount = chars / slotsize;
- if((chars % slotsize)!=0) ++slotcount;
- chars = slotcount*slotsize;
- }
+ if(chars <= slotlimit)
+ {
+ chars = chars / slotsize;
+ ++chars *= slotsize;
+ }
content.bigstring.size = chars;
return chars;
}
_______________________________________________
Bug-commoncpp mailing list
Bug-commoncpp@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-commoncpp
