BIND 10 #838: "string iterator is not dereferencable" issue
BIND 10 Development
do-not-reply at isc.org
Thu May 5 08:58:28 UTC 2011
#838: "string iterator is not dereferencable" issue
-------------------------------------+-------------------------------------
 Reporter: fdupont                   | Owner: jinmei
 Type: defect                        | Status: reviewing
 Priority: major                     | Milestone: Sprint-20110517
 Component: Unclassified             | Resolution:
 Keywords:                           | Sensitive: 0
 Defect Severity: N/A                | Sub-Project: DNS
 Feature Depending on Ticket:        | Estimated Difficulty: 0.0
 Add Hours to Ticket: 0              | Total Hours: 0
 Internal?: 0                        |
-------------------------------------+-------------------------------------
Comment (by ocean):
Replying to [comment:14 jinmei]:
> Another quick question: the change committed in the branch modified
> EncodeNormalizer::operator*(), while the original proposed fix was
> about DecodeNormalizer::operator*(). Could you clarify it? Is that a
> typo of the original proposed fix, or did you find the original report
> was wrong and the problem was actually in and only in
> EncodeNormalizer?
>
Sorry, it's my fault. It should be put in {{{DecodeNormalizer}}}; it does
not need to be put into {{{EncodeNormalizer}}}. I cannot commit the change
on the Windows platform because a lot of hacks are made to reproduce this.
So we'd better put the Windows-related changes into the trunk.
> In any case, lacking the environment, it's not very clear to me what
> is exactly wrong with the original implementation (calling operator*
> at the end() of the data is wrong of course, but I don't understand
> how that situation happened). Please explain more details about the
> problem.
>
> Thanks,
This is triggered by the following sequence.
1. Given an input string of " ", which is a one-char string with the 0x20
(space) character.
2. Call decodeBase32Hex-> Base32HexTransformer::decode->
{{{
result.assign(Decoder(DecodeNormalizer(BaseZeroCode, input.begin(),
                                       srit.base(), input.end())),
              Decoder(DecodeNormalizer(BaseZeroCode, input.end(),
                                       input.end(), input.end())));
}}}
3. The {{{DecodeNormalizer()}}} is an iterator with base_ pointing to the
start of the string.
4. When {{{result.assign()}}} is called later, it will increment the
first iterator and try to dereference it.
{{{
DecodeNormalizer& operator++() {
    ++base_;
    while (base_ != base_end_ && isspace(*base_)) {
        ++base_;
    }
    if (base_ == base_beginpad_) {
        in_pad_ = true;
    }
    return (*this);
}
}}}
Initially base_ points to the beginning of the input string; since
{{{*base_}}} is a space character (0x20), base_ will be increased by 1
and become equal to {{{base_end_}}}.
5. Later, when the iterator is dereferenced, it will trigger this problem.
I tried to fix it in the {{{operator++()}}} function, but it seems that
there is no appropriate method.
--
Ticket URL: <http://bind10.isc.org/ticket/838#comment:15>
BIND 10 Development <http://bind10.isc.org>
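
An added illustration of the sequence described in the comment above (not BIND 10 code and not the fix committed for this ticket): a simplified whitespace-skipping iterator with the same operator++ shape as the one quoted, plus a guarded operator* that rejects a read at end() instead of performing it. The names SkipSpaceIter and stepAndRead are hypothetical, and the sample inputs are constructed.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>

// Hypothetical, simplified stand-in for a whitespace-skipping input
// iterator; it is not BIND 10's DecodeNormalizer.
class SkipSpaceIter {
public:
    SkipSpaceIter(std::string::const_iterator base,
                  std::string::const_iterator base_end)
        : base_(base), base_end_(base_end) {}

    // Same shape as the operator++ quoted in the ticket: step once, then
    // skip whitespace. The loop can legitimately stop at base_end_.
    SkipSpaceIter& operator++() {
        ++base_;
        while (base_ != base_end_ &&
               std::isspace(static_cast<unsigned char>(*base_))) {
            ++base_;
        }
        return *this;
    }

    // Guarded dereference: reading *end() is undefined behaviour, so
    // fail loudly instead of touching memory past the string.
    char operator*() const {
        if (base_ == base_end_) {
            throw std::out_of_range("dereference at end of input");
        }
        return *base_;
    }

private:
    std::string::const_iterator base_;
    std::string::const_iterator base_end_;
};

// Advance once over `input`, then dereference, as a consumer would.
// Returns the character read, or -1 if there was nothing left to read.
int stepAndRead(const std::string& input) {
    if (input.empty()) return -1;  // ++ on end() is itself undefined
    SkipSpaceIter it(input.begin(), input.end());
    ++it;
    try {
        return static_cast<unsigned char>(*it);
    } catch (const std::out_of_range&) {
        return -1;
    }
}
```

With the one-character input " " from step 1, the single increment lands on end(), so the guard fires and no out-of-range read happens.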