digitalmars.D.bugs - Bug in std.string - find(char []s, char []sub)
- dickl <dick221z yahoo.com> Sep 25 2005
- zwang <nehzgnaw gmail.com> Sep 25 2005
- dickl <dick221z yahoo.com> Sep 25 2005
- zwang <nehzgnaw gmail.com> Sep 25 2005
- Carlos Santander <csantander619 gmail.com> Sep 29 2005
find( char []s,char[]sub) does not check to see if the length of s is
less than sub.
find() will return a random value or crash the application.
=========================================
private import std.stdio;
private import std.string;

int main()
{
    char [] st1 = "hi";
    int i = find(st1,"hello");
    writefln("i= ",i);
    return 0;
}
Sep 25 2005
dickl wrote:
> find( char []s,char[]sub) does not check to see if the length of s is
> less than sub.
> find() will return a random value or crash the application.
> =========================================
> private import std.stdio;
> private import std.string;
> int main()
> {
>     char [] st1 = "hi";
>     int i = find(st1,"hello");
>     writefln("i= ",i);
>     return 0;
> }

I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
Sep 25 2005
zwang wrote:
> dickl wrote:
>> find( char []s,char[]sub) does not check to see if the length of s is
>> less than sub.
>> find() will return a random value or crash the application.
>> =========================================
>> private import std.stdio;
>> private import std.string;
>> int main()
>> {
>>     char [] st1 = "hi";
>>     int i = find(st1,"hello");
>>     writefln("i= ",i);
>>     return 0;
>> }
> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?

I'm using 1.33 but it probably occurs in earlier versions. The problem is with this line in find():
    size_t imax = s.length - sublength + 1;
If s.length is < sublength then imax can become a very large number since it is unsigned, causing
    char *p = memchr(&s[i], c, imax - i);
to access memory well beyond s[]. The above example doesn't crash but will return a value of something other than -1.
Sep 25 2005
dickl wrote:
> zwang wrote:
>> dickl wrote:
>>> find( char []s,char[]sub) does not check to see if the length of s is
>>> less than sub.
>>> find() will return a random value or crash the application.
>>> =========================================
>>> private import std.stdio;
>>> private import std.string;
>>> int main()
>>> {
>>>     char [] st1 = "hi";
>>>     int i = find(st1,"hello");
>>>     writefln("i= ",i);
>>>     return 0;
>>> }
>> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
> I'm using 1.33 but it probably occurs in earlier versions. The problem is with this line in find():
>     size_t imax = s.length - sublength + 1;
> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
>     char *p = memchr(&s[i], c, imax - i);
> to access memory well beyond s[]. The above example doesn't crash but will return a value of something other than -1.

Confirmed. This is a bug introduced in dmd 0.133. In previous versions, imax is of type int.
Sep 25 2005
zwang wrote:
> dickl wrote:
>> I'm using 1.33 but it probably occurs in earlier versions. The problem is with this line in find():
>>     size_t imax = s.length - sublength + 1;
>> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
>>     char *p = memchr(&s[i], c, imax - i);
>> to access memory well beyond s[]. The above example doesn't crash but will return a value of something other than -1.
> Confirmed. This is a bug introduced in dmd 0.133. In previous versions, imax is of type int.

Confirmed too. Walter, can you please fix this? My thesis doesn't work because of this...
--
Carlos Santander Bernal
Sep 29 2005
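
Added example, not part of the original thread and not Phobos source: a C sketch of the size_t bound computation dickl describes, next to a search that compares the lengths before subtracting. The names imax_unchecked and find_checked are made up for this illustration, and returning 0 for an empty needle is a choice made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bound computed as quoted in the thread: size_t arithmetic with no length
   check, so it wraps around when sublen > slen. Returned for inspection
   only; it is never used to read memory here. */
size_t imax_unchecked(size_t slen, size_t sublen)
{
    return slen - sublen + 1;
}

/* Hypothetical hardened search: index of the first occurrence of sub in s,
   or -1 if there is none. */
ptrdiff_t find_checked(const char *s, size_t slen,
                       const char *sub, size_t sublen)
{
    if (sublen == 0)
        return 0;               /* empty needle: choice made for this example */
    if (sublen > slen)
        return -1;              /* the missing check: compare before subtracting */

    size_t imax = slen - sublen + 1;    /* now 1 <= imax <= slen */
    size_t i = 0;
    while (i < imax) {
        /* memchr never looks past s[imax - 1], so any hit at p still has
           sublen bytes available for memcmp. */
        const char *p = memchr(s + i, sub[0], imax - i);
        if (p == NULL)
            return -1;
        if (memcmp(p, sub, sublen) == 0)
            return (ptrdiff_t)(p - s);
        i = (size_t)(p - s) + 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed input: the thread's "hi" / "hello" case. */
    printf("unchecked imax = %zu\n", imax_unchecked(2, 5));
    printf("checked find   = %td\n", find_checked("hi", 2, "hello", 5));
    return 0;
}
```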







