http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48257
--- Comment #14 from Jonathan Wakely <redi at gcc dot gnu.org> 2011-03-25 09:54:25 UTC ---
(In reply to comment #13)
> 
> Sorry for the confusion here Jon. I meant to ask if the specs define what the
> behaviour should be if __s *does not* contain __n elements.

No, it's undefined. If the standard said what should happen, it would be
defined. There's no way to tell if it doesn't contain the necessary number of
elements.

> > > > 2. For cases undefined in the specs, do we take steps to ensure
> > > > robustness?
> > Where possible, yes, that's what -D_GLIBCXX_DEBUG tries to do. But in
> > general it's not possible to verify that the supplied string meets the
> > required length.
> > Given a const char*, how do you tell if it points to an array of at least n
> > chars? You can't.
> 
> We could always look for the null-termination :) But like you say below, this
> would add overhead and still not handle all cases.

No, you most definitely cannot. Not all arrays of characters are terminated:

  char s[] = { 'a', 'b', 'c' };
  std::string str(s, 3);

Attempting to check for a null terminator here will walk off the end of the
array into random pages of memory, possibly causing a segfault.

You can check in some specific cases, but not for all cases. As I said, in
general you can't detect the error, so it's the programmer's responsibility to
meet the preconditions of the functions they call. It's really no different to
calling memcpy() with invalid arguments and overwriting any region of memory.
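Added example, not code from the bug report or from libstdc++: the (pointer, length) precondition discussed in the comment above written as a small C++ helper. It enforces the one check that is actually possible from a raw pointer (a null pointer with a non-zero length, the same assertion libstdc++'s debug mode makes) and otherwise trusts the caller; a second, templated overload takes the length from the array type so the unterminated-array case holds by construction. The function names are my own.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// The only precondition a raw (pointer, length) pair lets you check is the
// one libstdc++ debug mode checks: a null pointer is acceptable only when the
// requested length is zero.  Whether the array really holds n chars cannot be
// determined from the pointer, so the explicit-length constructor is used and
// no null terminator is ever searched for.
std::string string_from_buffer(const char* s, std::size_t n) {
    if (s == nullptr && n != 0)
        throw std::invalid_argument("null buffer with non-zero length");
    return std::string(s, n);
}

// When the caller still has the array object rather than a decayed pointer,
// the length comes from the type, so the precondition holds by construction
// and the array need not be terminated.  (For a string literal N includes
// the trailing '\0', so "abc" yields a 4-char string.)
template <std::size_t N>
std::string string_from_array(const char (&a)[N]) {
    return std::string(a, N);
}

// The unterminated array from the comment above, built with the explicit
// length the comment's own example passes.
std::string unterminated_explicit_length() {
    char s[] = { 'a', 'b', 'c' };          // no trailing '\0'
    return string_from_buffer(s, sizeof s); // sizeof s == 3
}

// The same array, with the length deduced from its type instead.
std::string unterminated_deduced_length() {
    char s[] = { 'a', 'b', 'c' };          // no trailing '\0'
    return string_from_array(s);            // N deduced as 3
}

// Reports whether the one checkable precondition is enforced.
bool rejects_null_with_nonzero_length() {
    try {
        string_from_buffer(nullptr, 3);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}
```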