Re: A novel way to subvert the C++ type system...
mcmccarty@gmail.com (Michael) wrote (abridged):
> const char* token = ...;
> char* URL = strdup(url); // Yes, I know -- don't get me started.
> const char* ss = strstr(url, token); // Uh-oh...
> URL[(ss-URL)+strlen(token)] = '\0'; // ... just shoot me now.

[...]

> So the bug here, if you haven't already figured it out, is that this
> code modifies the input (const) char string -- and it does so
> *without doing a single explicit cast away from const pointer*.

Because (ss-URL) will be a large number, so the last line effectively
writes off the end of the string and corrupts random memory, and the
memory it corrupts happens to be in the input string. No surprises here.

Presumably they intended either:

    const char* ss = strstr(URL, token);
    URL[(ss-URL)+strlen(token)] = '\0';

or:

    const char* ss = strstr(url, token);
    URL[(ss-url)+strlen(token)] = '\0';

either of which would be fine. The difference between the correct and
incorrect versions is fairly subtle, so this was probably a genuine
mistake rather than an attempt to subvert the type system. It may even
have arisen as a confused meld of the two correct versions.

> I know in the good ol' days of pre-ISO C, expressions like:
>     index[ptr] = 1;
> ... were possible, but I've never seen it done like this in C++.

Even in C++ I sometimes need to convert an offset into one array into an
offset into another. For example:

    typedef std::vector<int> int_vec;

    int_vec::iterator convert( int_vec &dst, int_vec::const_iterator i,
                               const int_vec &src ) {
        return dst.begin() + (i - src.begin());
    }

That is the moral equivalent of the second corrected version above, but
using std containers. It's a way to convert a const_iterator into a
non-const one, as well as between containers.
(I don't think the index[ptr] idiom is involved.)
-- Dave Harris, Nottingham, UK.
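
Added example, not part of the original post: the second corrected version above written out as a complete C function, with the offset taken inside the array that was searched and the strstr result checked before it is used. The name truncate_after_token, the malloc/memcpy copy standing in for strdup, and the sample URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name and signature are assumptions): returns a
 * heap copy of `url` cut off just after the first occurrence of `token`,
 * or NULL if the token is absent or allocation fails. Caller frees. */
char *truncate_after_token(const char *url, const char *token)
{
    /* Search the const input and take the offset inside that same
     * array. Subtracting pointers into two different arrays, as in
     * (ss - URL) in the quoted code, is undefined behaviour. */
    const char *ss = strstr(url, token);
    if (ss == NULL)
        return NULL;            /* the quoted code never checks this */
    size_t end = (size_t)(ss - url) + strlen(token);

    /* Copy the whole input; malloc + memcpy stands in for strdup so
     * the block stays within ISO C. */
    size_t len = strlen(url);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, url, len + 1);

    /* end <= len, and the copy has the same length as the input, so
     * the offset is valid in the copy. Only the copy is written. */
    copy[end] = '\0';
    return copy;
}

int main(void)
{
    /* Constructed sample input. */
    const char url[] = "http://example.test/a?sid=123&x=1";
    char *cut = truncate_after_token(url, "sid=");
    if (cut == NULL)
        return 1;
    printf("%s\n%s\n", url, cut);   /* input unchanged, copy truncated */
    free(cut);
    return 0;
}
```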