Does string class take into consideration a poterntial buffer overflow
issue?
or does std:string::c_s tr() member functions does?
what are the preventives?
8  5158 
"puzzlecrac ker" <ir*********@gm ail.com> wrote in message
news:11******** **************@ g49g2000cwa.goo glegroups.com Does string class take into consideration a poterntial buffer overflow
issue?
string automatically expands the size of the buffer as required in most
contexts, e.g., the following program illustrates how capacity is
automatically increased:
#include <iostream>
using namespace std;
int main()
{
string str("Start");
for (int i=0; i<20; ++i)
{
cout << "capacity is " << str.capacity() << endl;
str += " addendum to string";
}
return 0;
}
or does std:string::c_s tr() member functions does?
c_str() returns a read only C-style string and the string class will
allocate whatever size buffer is needed to contain the C-style string. Of
course, as with any other class, if the computer doesn't have enough memory,
then the attempted memory allocation can fail.
If you are trying to write to the string's buffer by getting a pointer to
it, then you have no protection against buffer overflows. This operation is
undefined anyway.
--
John Carson
"puzzlecrac ker" <ir*********@gm ail.com> wrote in message
news:11******** **************@ g49g2000cwa.goo glegroups.com Does string class take into consideration a poterntial buffer overflow
issue?
As a follow-up to my other post, you can overflow the buffer using the
subscript operator since its use does not cause any automatic capacity
increase, e.g.,
#include <iostream>
using namespace std;
int main()
{
string str;
for (int i=0; i<100; ++i)
{
cout << "capacity is " << str.capacity() << endl;
str[i] = '0';
}
return 0;
}
If you use the at() member function instead, then you won't overflow the
buffer but you will get an out_of_range exception.
Note that a lot of string member functions can throw a length_error
exception if max_size() is exceeded. This max_size() is not capacity,
however. It is an upper bound on the size of any string. On my system
max_size() returns 4294967294.
--
John Carson
John Carson wrote: c_str() returns a read only C-style string and the string class will
allocate whatever size buffer is needed to contain the C-style string.
c_str *may* allocate. Many STL implementations return the pointer to the internal string
buffer, ensuring that it has a terminating \0.
--
Valentin Samko - http://www.valentinsamko.com
"puzzlecrac ker" <ir*********@gm ail.com> wrote in message
news:11******** **************@ g49g2000cwa.goo glegroups.com.. . Does string class take into consideration a poterntial buffer overflow
issue?
or does std:string::c_s tr() member functions does?
what are the preventives?
std::string::c_ str() returns a const char *. It is constant, meaning you
can't change the data. Well, you could if you const_cast it, but then you
would get undefined behavior.
std::string::da ta() returns a char* that you can change the data. Normally
it is not null terminated I believe. This buffer is a fixed size though,
and you can overflow it.
so if you want to use std::string as a buffer direct into the data you need
to make sure that std::string allocates enough memory first (just as you
need to make sure a char array has enough elements).
"Jim Langston" <ta*******@rock etmail.com> wrote in message
news:ks******** ********@fe06.l ga
std::string::da ta() returns a char* that you can change the data. Normally
it is not null terminated I believe. This buffer is a fixed
size though, and you can overflow it.
It returns a const char * so you cannot change it. The only difference from
c_str() is that it is not null terminated.
--
John Carson
"John Carson" <jc************ ****@netspace.n et.au> wrote in message
news:dk******** ***@otis.netspa ce.net.au... "Jim Langston" <ta*******@rock etmail.com> wrote in message
news:ks******** ********@fe06.l ga
std::string::da ta() returns a char* that you can change the data.
Normally it is not null terminated I believe. This buffer is a fixed
size though, and you can overflow it.
It returns a const char * so you cannot change it. The only difference
from c_str() is that it is not null terminated.
--
John Carson
Gah, you're right. I just looked up data() in MSDN and it does indeed also
return a const char*. Is there no way, then, to get a pointer to the data
of the std::string that can be changed?
"Jim Langston" <ta*******@rock etmail.com> wrote in message
news:_r******** ********@fe06.l ga... "John Carson" <jc************ ****@netspace.n et.au> wrote in message
news:dk******** ***@otis.netspa ce.net.au... "Jim Langston" <ta*******@rock etmail.com> wrote in message
news:ks******** ********@fe06.l ga
std::string::da ta() returns a char* that you can change the data.
Normally it is not null terminated I believe. This buffer is a fixed
size though, and you can overflow it.
It returns a const char * so you cannot change it. The only difference
from c_str() is that it is not null terminated.
--
John Carson
Gah, you're right. I just looked up data() in MSDN and it does indeed
also return a const char*. Is there no way, then, to get a pointer to the
data of the std::string that can be changed?
There's no need. We already have iterators (which
btw have as much potential for abuse as do pointers. :-) )
-Mike
"Jim Langston" <ta*******@rock etmail.com> wrote in message
news:_r******** ********@fe06.l ga
Gah, you're right. I just looked up data() in MSDN and it does
indeed also return a const char*. Is there no way, then, to get a
pointer to the data of the std::string that can be changed?
No legal way. In fact, there is nothing in the standard that guarantees that
the data is stored in a contiguous array. In practice, you can probably get
the address of the (probably contiguous) buffer using &str[0] (where str is
the name of the string object), but this involves undefined behaviour.
--
John Carson This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Peter Jansson |
last post by:
Hello,
I have the following code:
std::map<int,std::set<std::string> > k;
k="1234567890";
k="2345678901";
//...
std::set<std::string> myMethod(std::map<int,std::set<std::string> > k)
throw(std::runtime_error)
|
by: Erik Wikström |
last post by:
First of all, forgive me if this is the wrong place to ask this question,
if it's a stupid question (it's my second week with C++), or if this is
answered some place else (I've searched but not found anything).
Here's the problem, I have two sets of files, the name of a file contains a
number which is unique for each set but it's possible (even probable) that
two files in different sets have the same numbers. I want to store these...
|
by: Patrick Kowalzick |
last post by:
Dear NG,
I would like to change the allocator of e.g. all std::strings, without
changing my code. Is there a portable solution to achieve this?
The only nice solution I can think of, would be a namespace and another
typedef to basic_string:
namespace my_string
{
|
by: puzzlecracker |
last post by:
Does string class take into consideration a poterntial buffer overflow
issue?
or does std:string::c_str() member functions does?
what are the preventives?
|
by: anelma via .NET 247 |
last post by:
Following code works fine, when compiled with VS 6.0, but not anymore when compiled in .NET. What's wrong here, I can't see it by myself?
arrString content will be garbage with .net compilation, but when compiled with 6.0 it contains string from Vector (that's how I want it to work).
std::vector<std::string> Vector;
...
void MyClass::DoThis(std::vector<std::string> Vector)
{
const char *arrString;
| | |
by: daroman |
last post by:
Hi Guys,
i've problem with my small C++ programm. I've just small template
class which represetns a array, everything works fine up to
combination with std::string. I did tried it with M$ VC++ and with GCC
(Cygwin and Linux) and my problem is when i try do this
int main(int argc, char **argv) {
array<std::stringa(10);
a = "Huhuhu"; <--- with gcc i got a crash !
|
by: HerbD |
last post by:
I have a loooong debugging session behind me! I finally found the reason for the problem and now would like to know, if it is a bug in my code or not standardconformant behavour of the compiler(s) or not a bug at all and just normal behavior:
This simple sample program illustrates the problem. Please use separate header (.h) and code (.cpp) files, because it plays a role in the problem...
/**************************************
* Module: ...
|
by: Jacek Dziedzic |
last post by:
Hi!
I need a routine like:
std::string nth_word(const std::string &s, unsigned int n) {
// return n-th word from the string, n is 0-based
// if 's' contains too few words, return ""
// 'words' are any sequences of non-whitespace characters
// leading, trailing and multiple whitespace characters
// should be ignored.
|
by: TBass |
last post by:
Hi,
I'm moving a socket library I wrote from C to C++. In the C version, I
had to malloc char arrays to store incoming communication. My hope was
to use std::string in C++, but then I realized a problem.
While '\0' is a valid string terminator for text, for my purposes it
is a problem. My program regularly gets '\0' as a value (Modbus/RTU
and TCP pass register values as the actual values, not the ASCII
chart). That would be a problem...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| | |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
