Thanks, I've checked in your fix.
--------------------------------------------------
From: "trungantran" <[email protected]>
Sent: Thursday, June 18, 2009 11:11 AM
To: "Crypto++ Users" <[email protected]>
Subject: Bug in datatest.cpp and workaround
>
> Compiler: g++
> STL Platform: STLPort (with debug mode turned on)
>
> I got these error messages when running "cryptest v":
>
> c:/mingw/include/stlport/stl/debug/_string.h(226): STL error : Index
> out of bounds
> c:/mingw/include/stlport/stl/debug/_string.h(226): STL assertion
> failure: __n < this->size()
>
> The source of this problem is a bug in the implementation of
> "PutDecodedDatumInto":
>
> void PutDecodedDatumInto(const TestData &data, const char *name,
>                          BufferedTransformation &target)
> {
>     std::string s1 = GetRequiredDatum(data, name), s2;
>
>     while (!s1.empty())
>     {
>         while (s1[0] == ' ') //<-- Bug is here
>             s1 = s1.substr(1);
>         ...
>     }
> }
>
> It's obvious that if s1 is empty, "s1[0]" will be an invalid read
> because 0 == s1.size() (according to the C++ standard, an index is valid
> only if its value is less than the length of the string).
>
> The workaround is to change:
>     while (s1[0] == ' ')
>         s1 = s1.substr(1);
>
> to:
>     while (s1[0] == ' ') {
>         s1 = s1.substr(1);
>         if (s1.empty())
>             return; //avoid invalid read if s1 is empty
>     }
>
> Note:
> 1. This bug makes many tests fail because the datum of some fields ends
> with a space character (the "MAC" field in the authenticated-symmetric
> cipher test, for example).
>
> 2. To reproduce this bug with another compiler/STL platform (MSVC/
> Dinkumware, for example), just replace "s1[0]" with "s1.at(0)" (because
> std::string::operator[] doesn't check whether the index is valid) and you
> will get the "std::out_of_range" exception (MSVC/Dinkumware will
> produce "invalid string position" error messages).
>
> Regards,
> An
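
The following is an added example, not code from the Crypto++ sources or from either poster. It reproduces the out-of-range read on a datum that ends with a space, using `at()` as the message suggests, next to an index-based scan that never touches element 0 of an empty string. The datum `"AB CD "`, the token-consuming step standing in for the elided loop body, and the names `unchecked_skip_overreads` and `split_datum` are assumptions made for illustration.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Faulty pattern from the thread, with at() so any STL reports the bad read.
// Returns true if the leading-space loop indexes an empty string.
bool unchecked_skip_overreads(std::string s1)
{
    try {
        while (!s1.empty()) {
            while (s1.at(0) == ' ')      // same test as s1[0], bounds-checked
                s1 = s1.substr(1);       // may leave s1 empty before next test
            // Hypothetical stand-in for the elided body: consume one token.
            std::string::size_type end = s1.find(' ');
            if (end == std::string::npos) end = s1.size();
            s1 = s1.substr(end);
        }
    } catch (const std::out_of_range &) {
        return true;
    }
    return false;
}

// Alternative that scans by position: find_first_not_of() returns npos on an
// empty or all-space remainder, so no element is read past the end.
std::vector<std::string> split_datum(const std::string &datum)
{
    std::vector<std::string> tokens;
    std::string::size_type pos = 0;
    while ((pos = datum.find_first_not_of(' ', pos)) != std::string::npos) {
        std::string::size_type end = datum.find(' ', pos);
        if (end == std::string::npos) end = datum.size();
        tokens.push_back(datum.substr(pos, end - pos));
        pos = end;
    }
    return tokens;
}

int main()
{
    const std::string datum = "AB CD ";  // constructed sample, trailing space
    std::cout << "unchecked loop over-reads: "
              << unchecked_skip_overreads(datum) << "\n";
    std::cout << "tokens from safe scan: " << split_datum(datum).size() << "\n";
    return 0;
}
```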