473,320 Members | 2,164 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Changing Contents of a String with PtrToStringChars

What should happen if String contents are changed like below?
The contents do change and nothing crashed or anything.

String* str = S"hello";
Char __pin* ps = const_cast<Char*>(PtrToStringChars(str));
while(ps && *ps != 0)
(*ps++)='0';
Console::WriteLine(str);
Nov 16 '05 #1
9 3625
What should happen if String contents are changed like below?
The contents do change and nothing crashed or anything.


You could end up chaniging strings you don't expect. Just try

String* str = S"hello";
String* str2 = str;
Char __pin* ps = const_cast<Char*>(PtrToStringChars(str));
while(ps && *ps != 0)
(*ps++)='0';
Console::WriteLine(str);
Console::WriteLine(str2);

The CLR's string interning feature makes this even worse - you could
change strings in parts of the program you don't control.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/
Please reply only to the newsgroup.
Nov 16 '05 #2
Thanx Mattias!

I didn't think of interning :)

But let's take this to another plane:

String* password = Console::ReadLine();
if(String::IsInterned(password) == NULL)
{
Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
while(ps && *ps != 0)
(*ps++)='0';
}
Console::WriteLine(password);

Basically i want to clear the password.

To anyone, So if String was not Interned it seems to be OK
to change it's contents although it's "immutable"?
Mattias Sjögren <ma********************@mvps.org> wrote in message news:<#D**************@TK2MSFTNGP12.phx.gbl>...
What should happen if String contents are changed like below?
The contents do change and nothing crashed or anything.


You could end up chaniging strings you don't expect. Just try

String* str = S"hello";
String* str2 = str;
Char __pin* ps = const_cast<Char*>(PtrToStringChars(str));
while(ps && *ps != 0)
(*ps++)='0';
Console::WriteLine(str);
Console::WriteLine(str2);

The CLR's string interning feature makes this even worse - you could
change strings in parts of the program you don't control.

Mattias

Nov 16 '05 #3
But let's take this to another plane:

String* password = Console::ReadLine();
if(String::IsInterned(password) == NULL)
{
Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
while(ps && *ps != 0)
(*ps++)='0';
}
Console::WriteLine(password);

Basically i want to clear the password.
Can't you retrieve the password into a Byte[] or Char[] instead? That
would let you clear the content easily.

To anyone, So if String was not Interned it seems to be OK
to change it's contents although it's "immutable"?


I would never say it's OK to do so.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/
Please reply only to the newsgroup.
Nov 16 '05 #4
Yes I can. But TextControl can't. :)
Even if i use GetWindowText myself, i derive the key
using PasswordDeriveBytes which takes only string!
QAnd there are other cases also.

Mattias Sjögren <ma********************@mvps.org> wrote in message news:<#Z**************@TK2MSFTNGP09.phx.gbl>...
But let's take this to another plane:

String* password = Console::ReadLine();
if(String::IsInterned(password) == NULL)
{
Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
while(ps && *ps != 0)
(*ps++)='0';
}
Console::WriteLine(password);

Basically i want to clear the password.


Can't you retrieve the password into a Byte[] or Char[] instead? That
would let you clear the content easily.

To anyone, So if String was not Interned it seems to be OK
to change it's contents although it's "immutable"?


I would never say it's OK to do so.

Mattias

Nov 16 '05 #5
A (more?) serious problem is that there's probably no guarantee that there
aren't other, unreachable copies of the password text in the GC heap.
Unless you can clear all of them, you're probably only gaining a false sense
of security.

-cd

cppdev wrote:
Yes I can. But TextControl can't. :)
Even if i use GetWindowText myself, i derive the key
using PasswordDeriveBytes which takes only string!
QAnd there are other cases also.

Mattias Sjögren <ma********************@mvps.org> wrote in message
news:<#Z**************@TK2MSFTNGP09.phx.gbl>...
But let's take this to another plane:

String* password = Console::ReadLine();
if(String::IsInterned(password) == NULL)
{
Char __pin* ps = const_cast<Char*>(PtrToStringChars(password));
while(ps && *ps != 0)
(*ps++)='0';
}
Console::WriteLine(password);

Basically i want to clear the password.


Can't you retrieve the password into a Byte[] or Char[] instead? That
would let you clear the content easily.

To anyone, So if String was not Interned it seems to be OK
to change it's contents although it's "immutable"?


I would never say it's OK to do so.

Mattias

Nov 16 '05 #6
Hi,

I am reviewing this post. Please feel free to let me know if you have any
problems or concerns.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.
Nov 16 '05 #7
Hi!

I think it would be nice if String class provided a Clear method.
My concern is with the .net strings that they can remain
indefinitely in memory.

timhuang (Tian Min Huang) wrote in message news:<ks**************@cpmsftngxa06.phx.gbl>...
Hi,

I am reviewing this post. Please feel free to let me know if you have any
problems or concerns.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.

Nov 16 '05 #8
Hi,

Thanks for your response. As you know, .NET Framework introduces Garbage
Collection to manage the memory, that is, the String memory is also
controled by GC. Although we are able to force GC with explicit System.gc
calls, overuse can severely affect performance. I strongly recommend you
the following articles on GC:

Garbage Collection: Automatic Memory Management in the Microsoft .NET
Framework
http://msdn.microsoft.com/msdnmag/is...I/default.aspx

Garbage Collection¡ªPart 2: Automatic Memory Management in the Microsoft
.NET Framework
http://msdn.microsoft.com/msdnmag/is...2/default.aspx

I look forward to your feedback.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.
Nov 16 '05 #9
Hi,

Thanks a lot for your feedback. Now that I understand your concerns, I will
report it to our Development Team and I believe they will take it into
consideration for the future version of .NET Framewok.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.

Nov 16 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Kieran Benton | last post by:
Hi, Sorry to post this, I feel like a right fool but Im under serious time pressure! Afraid I'm a newbie to managed C++ (Ive had to resort to it as Im wrapping some COM objects for C# use). Any...
15
by: Yifan | last post by:
Hi Does anybody know how to convert System::String* to char*? I searched the System::String class members and did not find any. Thanks Yifan
8
by: ppcdev | last post by:
Here's what I try : LPCTSTR tst = (LPCTSTR) (LPCWSTR) Marshal::StringToHGlobalUni(str); c:\MyNetPrj\Prj0001\stunt.cpp(244): error C2440: 'type cast' : cannot convert from 'System::IntPtr' to...
20
by: Peteroid | last post by:
How the heck does one convert a String* to char? Specifically: String* my_string = "HELLO" ; char m_char_array ; m_char_array = my_string ; // error strcpy( m_char_array, my_string ) ; //...
9
by: blair | last post by:
Hi I am using VS 2005 to upgrade a demo project and I came across this error in a bunch of code which compiles fine on VC++ 2003. <code> wchar_t __pin* pVal = PtrToStringChars( val ); </code> ...
3
by: Maileen | last post by:
Hi, How can we convert string^ to String or to LPCWSTR ? thx, Maileen
0
by: Madhu_TN | last post by:
Hi All, I am new to this board. I am trying to create a Crystal Report viewer into a VS C++ Dot NET 2003 app ( This uses both managed and unmanaged code). I get the following compilation error:...
30
by: nano2k | last post by:
Hi I need an efficient method to convert a string object to it's byte equivalent. I know there are LOTS of methods, but they lack in efficiency. All methods allocate new memory to create the byte...
14
by: =?Utf-8?B?Sm9hY2hpbQ==?= | last post by:
I have seen the following function to convert from a System::String^ to a const wchar_t*. I would like to get a LPCTSTR and AFAIK LPCTSTR is equal to const wchar_t*. Then it should all work right?...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.