[SERVER-4007] The edit() function (command) in shell/dbShell.cpp could index off the end of a string Created: 04/Oct/11 Updated: 11/Jul/16 Resolved: 15/Oct/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | 2.1.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Tad Marshall | Assignee: | Eliot Horowitz (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Any |
||
| Operating System: | ALL |
| Participants: |
| Description |
|
The code in the new 'edit' command in the shell uses the .data() member of <basic_string> (i.e. <string>) but then tests for NUL to end the string. The code should use .c_str() instead, which does NUL terminate. This is probably not a real-world error because real implementations of <string> seem to store strings NUL-terminated anyway.

#ifndef _WIN32
for (const char* p=var.data(); *p ; p++){ // should use c_str() instead of data()
} |
| Comments |
| Comment by auto [ 15/Oct/11 ] |
|
Author: Eliot (erh, eliot@10gen.com)
Message: Merge pull request #114 from tadmarshall/
|
| Comment by Tad Marshall [ 13/Oct/11 ] |
|
I closed pull request 101 and opened https://github.com/mongodb/mongo/pull/114 to replace it. |
| Comment by Tad Marshall [ 06/Oct/11 ] |
|
Pull request https://github.com/mongodb/mongo/pull/101 addresses this. |
| Comment by Tad Marshall [ 04/Oct/11 ] |
|
A question on Stack Overflow addresses the difference between std::string.data() and std::string.c_str(). In the responses it is shown that MSVC (at least) internally calls c_str() from data() and that the new C++11 standard requires this behavior. So the ISO 2003 TR1 spec hasn't matched reality for a while. So, it's only a bug in the technical sense, no user impact. |
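The two portable ways to write the scan discussed in this ticket, as an added example that is not MongoDB's code: a sentinel loop over c_str(), and a loop bounded by size() that needs no terminator at all. The function names and the per-character rule in allowedChar() are hypothetical, since the page does not show the loop body; the embedded-NUL input is constructed to show where the two loops disagree.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical per-character rule (assumption: the ticket does not show
// what the original loop does with each character).
static bool allowedChar(unsigned char c) {
    return std::isalnum(c) || c == '_' || c == '.';
}

// Sentinel scan in the shape of the ticket's loop, but over c_str(),
// which is NUL-terminated under every C++ standard (data() only since C++11).
bool checkSentinel(const std::string& var) {
    for (const char* p = var.c_str(); *p; ++p) {
        if (!allowedChar(static_cast<unsigned char>(*p))) return false;
    }
    return true;
}

// Length-bounded scan: reads exactly size() bytes, so it cannot index off
// the end of the buffer and it also inspects bytes after an embedded NUL.
bool checkBounded(const std::string& var) {
    const char* p = var.data();
    for (std::size_t i = 0, n = var.size(); i < n; ++i) {
        if (!allowedChar(static_cast<unsigned char>(p[i]))) return false;
    }
    return true;
}

int main() {
    // Constructed inputs: a plain name, a name with a space, and a
    // 5-byte string with a NUL in the middle.
    const std::string plain("db.foo");
    const std::string spaced("a b");
    const std::string embedded("ab\0!!", 5);

    std::cout << std::boolalpha
              << "plain:    sentinel=" << checkSentinel(plain)
              << " bounded=" << checkBounded(plain) << "\n"
              << "spaced:   sentinel=" << checkSentinel(spaced)
              << " bounded=" << checkBounded(spaced) << "\n"
              // The sentinel loop stops at the NUL and never sees "!!".
              << "embedded: sentinel=" << checkSentinel(embedded)
              << " bounded=" << checkBounded(embedded) << "\n";
    return 0;
}
```

The bounded form is the one to prefer when the string can come from outside the program, because a sentinel scan treats everything after the first NUL as if it were not there.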