std::string and buffer overflow problem

Does string class take into consideration a potential buffer overflow
issue?

Or does the std::string::c_str() member function?

What are the preventives?

Oct 30 '05 #1
"puzzlecracker" <ir*********@gmail.com> wrote in message
news:11**********************@g49g2000cwa.googlegroups.com
> Does string class take into consideration a potential buffer overflow
> issue?

string automatically expands the size of the buffer as required in most
contexts, e.g., the following program illustrates how capacity is
automatically increased:

    #include <iostream>
    #include <string>
    using namespace std;

    int main()
    {
        string str("Start");
        for (int i = 0; i < 20; ++i)
        {
            // capacity() grows automatically as the appends exceed it
            cout << "capacity is " << str.capacity() << endl;
            str += " addendum to string";
        }
        return 0;
    }

> Or does the std::string::c_str() member function?


c_str() returns a read only C-style string and the string class will
allocate whatever size buffer is needed to contain the C-style string. Of
course, as with any other class, if the computer doesn't have enough memory,
then the attempted memory allocation can fail.

If you are trying to write to the string's buffer by getting a pointer to
it, then you have no protection against buffer overflows. This operation is
undefined anyway.

--
John Carson

Oct 30 '05 #2
"puzzlecracker" <ir*********@gmail.com> wrote in message
news:11**********************@g49g2000cwa.googlegroups.com
> Does string class take into consideration a potential buffer overflow
> issue?


As a follow-up to my other post, you can overflow the buffer using the
subscript operator since its use does not cause any automatic capacity
increase, e.g.,

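    #include <iostream>
    #include <string>
    using namespace std;

    int main()
    {
        string str;   // empty: size() == 0
        for (int i = 0; i < 100; ++i)
        {
            cout << "capacity is " << str.capacity() << endl;
            // operator[] does no bounds check and never grows the string,
            // so these writes run past size(): undefined behaviour
            str[i] = '0';
        }
        return 0;
    }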

If you use the at() member function instead, then you won't overflow the
buffer but you will get an out_of_range exception.

Note that a lot of string member functions can throw a length_error
exception if max_size() is exceeded. This max_size() is not capacity,
however. It is an upper bound on the size of any string. On my system
max_size() returns 4294967294.
--
John Carson

Oct 30 '05 #3
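
The difference between operator[] and at() described in post #3, as an added example that is not part of the original thread. It also shows that reserve() raises capacity() without making any index valid; the helper names are hypothetical.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Hypothetical helper: store c at index i only when i < s.size().
// at() performs the bounds check that operator[] skips.
bool store_checked(std::string& s, std::size_t i, char c) {
    try {
        s.at(i) = c;
        return true;
    } catch (const std::out_of_range&) {
        return false;              // nothing was written
    }
}

// Hypothetical helper: grow the string so that index i is valid, then store.
// 'limit' is a caller-chosen cap so an untrusted index cannot force a huge
// allocation; resize() itself throws length_error beyond max_size().
bool store_growing(std::string& s, std::size_t i, char c, std::size_t limit) {
    if (i >= limit || limit > s.max_size()) return false;
    if (i >= s.size()) s.resize(i + 1, ' ');   // pad the gap with spaces
    s[i] = c;                                  // now provably in range
    return true;
}

// True when a resize beyond max_size() is reported as length_error.
bool oversize_is_length_error() {
    std::string s;
    try {
        s.resize(s.max_size() + 1);
    } catch (const std::length_error&) {
        return true;
    }
    return false;
}

int main() {
    std::string s;
    s.reserve(64);                           // capacity grows, size() stays 0
    bool a = store_checked(s, 0, 'x');       // index 0 is not < size()
    bool b = store_growing(s, 3, 'x', 16);   // s becomes "   x"
    bool c = store_growing(s, 99, 'x', 16);  // index is over the cap
    bool d = oversize_is_length_error();
    return (!a && b && !c && d) ? 0 : 1;
}
```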
John Carson wrote:
> c_str() returns a read only C-style string and the string class will
> allocate whatever size buffer is needed to contain the C-style string.

c_str *may* allocate. Many STL implementations return the pointer to the internal string
buffer, ensuring that it has a terminating \0.

--

Valentin Samko - http://www.valentinsamko.com
Oct 30 '05 #4
"puzzlecracker" <ir*********@gmail.com> wrote in message
news:11**********************@g49g2000cwa.googlegroups.com...
> Does string class take into consideration a potential buffer overflow
> issue?
>
> Or does the std::string::c_str() member function?
>
> What are the preventives?


std::string::c_str() returns a const char *. It is constant, meaning you
can't change the data. Well, you could if you const_cast it, but then you
would get undefined behavior.

std::string::data() returns a char* that you can change the data. Normally
it is not null terminated I believe. This buffer is a fixed size though,
and you can overflow it.

So if you want to use std::string as a buffer direct into the data, you need
to make sure that std::string allocates enough memory first (just as you
need to make sure a char array has enough elements).
Oct 31 '05 #5
"Jim Langston" <ta*******@rocketmail.com> wrote in message
news:ks****************@fe06.lga

> std::string::data() returns a char* that you can change the data. Normally
> it is not null terminated I believe. This buffer is a fixed
> size though, and you can overflow it.


It returns a const char * so you cannot change it. The only difference from
c_str() is that it is not null terminated.

--
John Carson

Oct 31 '05 #6
"John Carson" <jc****************@netspace.net.au> wrote in message
news:dk***********@otis.netspace.net.au...
> "Jim Langston" <ta*******@rocketmail.com> wrote in message
> news:ks****************@fe06.lga
>
>> std::string::data() returns a char* that you can change the data.
>> Normally it is not null terminated I believe. This buffer is a fixed
>> size though, and you can overflow it.
>
> It returns a const char * so you cannot change it. The only difference
> from c_str() is that it is not null terminated.
>
> --
> John Carson

Gah, you're right. I just looked up data() in MSDN and it does indeed also
return a const char*. Is there no way, then, to get a pointer to the data
of the std::string that can be changed?
Oct 31 '05 #7

"Jim Langston" <ta*******@rocketmail.com> wrote in message
news:_r****************@fe06.lga...
> "John Carson" <jc****************@netspace.net.au> wrote in message
> news:dk***********@otis.netspace.net.au...
>> "Jim Langston" <ta*******@rocketmail.com> wrote in message
>> news:ks****************@fe06.lga
>>
>>> std::string::data() returns a char* that you can change the data.
>>> Normally it is not null terminated I believe. This buffer is a fixed
>>> size though, and you can overflow it.
>>
>> It returns a const char * so you cannot change it. The only difference
>> from c_str() is that it is not null terminated.
>>
>> --
>> John Carson
>
> Gah, you're right. I just looked up data() in MSDN and it does indeed
> also return a const char*. Is there no way, then, to get a pointer to the
> data of the std::string that can be changed?


There's no need. We already have iterators (which
btw have as much potential for abuse as do pointers. :-) )

-Mike
Oct 31 '05 #8
"Jim Langston" <ta*******@rocketmail.com> wrote in message
news:_r****************@fe06.lga

> Gah, you're right. I just looked up data() in MSDN and it does
> indeed also return a const char*. Is there no way, then, to get a
> pointer to the data of the std::string that can be changed?


No legal way. In fact, there is nothing in the standard that guarantees that
the data is stored in a contiguous array. In practice, you can probably get
the address of the (probably contiguous) buffer using &str[0] (where str is
the name of the string object), but this involves undefined behaviour.

--
John Carson

Oct 31 '05 #9
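
The "make sure that std::string allocates enough memory first" advice from post #5, as an added example that is not part of the original thread. It assumes C++11 or later, where std::string storage is guaranteed contiguous and writing through &out[i] for i < size() is defined; Source and read_all are hypothetical names and the input is constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <string>

// Constructed stand-in for a C-style source such as a socket: read() copies
// at most cap bytes into dst and returns the count (0 means end of data).
struct Source {
    const char* data;
    std::size_t len;
    std::size_t pos;
    std::size_t read(char* dst, std::size_t cap) {
        std::size_t n = std::min(cap, len - pos);
        std::memcpy(dst, data + pos, n);
        pos += n;
        return n;
    }
};

// Hypothetical helper: read everything from src into out, chunk bytes at a
// time, rejecting input longer than limit. Every write lands inside
// [old, size()), so the C-style writer can never run past the string.
bool read_all(Source& src, std::string& out,
              std::size_t chunk, std::size_t limit) {
    out.clear();
    if (chunk == 0 || limit >= out.max_size()) return false;
    for (;;) {
        std::size_t old = out.size();
        // Ask for one byte more than the limit allows so that oversized
        // input is detected instead of silently truncated.
        std::size_t room = std::min(chunk, limit + 1 - old);
        out.resize(old + room);               // make the bytes part of size()
        std::size_t n = src.read(&out[old], room);
        out.resize(old + n);                  // drop the unused tail
        if (n == 0) return true;              // end of data
        if (out.size() > limit) {             // too long: reject
            out.clear();
            return false;
        }
    }
}

int main() {
    const char msg[] = "hello, world";        // constructed sample input
    Source s = {msg, sizeof msg - 1, 0};
    std::string out;
    return read_all(s, out, 5, 64) && out == "hello, world" ? 0 : 1;
}
```

The key point is that resize(), not reserve(), is what makes the bytes legal to write: only the range below size() belongs to the string.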
