digitalmars.D.bugs - Bug in std.string - find(char []s, char []sub)
- dickl (13/13) Sep 25 2005 find( char []s,char[]sub) does not check to see if the length of s is
- zwang (3/19) Sep 25 2005 I can't reproduce the bug. The source of std.string.find also looks
- dickl (10/32) Sep 25 2005 I'm using 1.33 but it probably occurs in earlier versions.
- zwang (3/44) Sep 25 2005 Confirmed. This is a bug introduced in dmd 0.133.
- Carlos Santander (5/24) Sep 29 2005 Confirmed too.
find( char []s,char[]sub) does not check to see if the length of s is less than sub. find() will return a random value or crash the application.

=========================================
private import std.stdio;
private import std.string;

int main()
{
    char [] st1 = "hi";
    int i = find(st1,"hello");
    writefln("i= ",i);
    return 0;
}
Sep 25 2005
dickl wrote:
> find( char []s,char[]sub) does not check to see if the length of s is less than sub. find() will return a random value or crash the application.
>
> =========================================
> private import std.stdio;
> private import std.string;
>
> int main()
> {
>     char [] st1 = "hi";
>     int i = find(st1,"hello");
>     writefln("i= ",i);
>     return 0;
> }

I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
Sep 25 2005
zwang wrote:
> dickl wrote:
>> find( char []s,char[]sub) does not check to see if the length of s is less than sub. find() will return a random value or crash the application.
>>
>> =========================================
>> private import std.stdio;
>> private import std.string;
>>
>> int main()
>> {
>>     char [] st1 = "hi";
>>     int i = find(st1,"hello");
>>     writefln("i= ",i);
>>     return 0;
>> }
>
> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?

I'm using 1.33 but it probably occurs in earlier versions.

The problem is with this line in find():

    size_t imax = s.length - sublength + 1;

If s.length is < sublength then imax can become a very large number since it is unsigned, causing

    char *p = memchr(&s[i], c, imax - i);

to access memory well beyond s[].

The above example doesn't crash but will return a value of something other than -1.
Sep 25 2005
dickl wrote:
> zwang wrote:
>> dickl wrote:
>>> find( char []s,char[]sub) does not check to see if the length of s is less than sub. find() will return a random value or crash the application.
>>>
>>> =========================================
>>> private import std.stdio;
>>> private import std.string;
>>>
>>> int main()
>>> {
>>>     char [] st1 = "hi";
>>>     int i = find(st1,"hello");
>>>     writefln("i= ",i);
>>>     return 0;
>>> }
>>
>> I can't reproduce the bug. The source of std.string.find also looks correct to me. Which version of dmd are you using?
>
> I'm using 1.33 but it probably occurs in earlier versions.
>
> The problem is with this line in find():
>
>     size_t imax = s.length - sublength + 1;
>
> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
>
>     char *p = memchr(&s[i], c, imax - i);
>
> to access memory well beyond s[].
>
> The above example doesn't crash but will return a value of something other than -1.

Confirmed. This is a bug introduced in dmd 0.133. In previous versions, imax is of type int.
Sep 25 2005
zwang wrote:
> dickl wrote:
>> I'm using 1.33 but it probably occurs in earlier versions.
>>
>> The problem is with this line in find():
>>
>>     size_t imax = s.length - sublength + 1;
>>
>> If s.length is < sublength then imax can become a very large number since it is unsigned, causing
>>
>>     char *p = memchr(&s[i], c, imax - i);
>>
>> to access memory well beyond s[].
>>
>> The above example doesn't crash but will return a value of something other than -1.
>
> Confirmed. This is a bug introduced in dmd 0.133. In previous versions, imax is of type int.

Confirmed too. Walter, can you please fix this? My thesis doesn't work because of this...

--
Carlos Santander Bernal
Sep 29 2005