Title
basic_stringbuf seekoff effects trigger undefined behavior and have contradictory returns
Status
new
Section
[stringbuf.virtuals]
Submitter
Billy O'Neal III

Created on 2018-04-07.00:00:00 last changed 80 months ago

Messages

Date: 2018-04-16.00:00:00

[ 2018-04-16 Priority set to 3 after discussion on the reflector. ]

Date: 2018-04-07.00:00:00

Paragraph citations relative to N4727.

[stringbuf.virtuals]/10 says that newoff might be calculated from xnext - xbegin, or from high_mark - xbegin. After newoff is calculated, it does the null pointer check and the zero offset check. However, that means the effects may have already done nullptr - non-nullptr, or non-nullptr - nullptr, which [expr.add]/5 says is undefined behavior.

Moreover, the attempt at avoiding this problem only tests newoff, not the value actually used which is newoff + off. For example, buf.seekoff(100, ios_base::beg, ios_base::out) on a read-only streambuf would try to assign pptr() + newoff + off to pptr(), but pptr() may have been nullptr, giving nullptr + 0 + 100 which triggers UB. (Perhaps the "refers to an uninitialized character" bit protects that though).

Last, the Returns: element says that it returns newoff, but then also says it returns the resulting stream position, which should be something like newoff + off. (I checked libc++ and MSVC++ and we both return newoff + off)

We probably want to resolve that by renaming the value that comes out of Table 108 to something like "basis" and make "newoff" actually be the new offset instead of the starting offset.
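An added example, not part of the issue and not any standard library's code, that models the proposed reading: the Table 108 value is called basis, newoff is basis + off (the value actually used), and the null pointer check runs before any pointer subtraction. It then runs two seeks on a real std::stringbuf for comparison. SeekModel, seekoff_model and the sample buffer contents are hypothetical.

```cpp
#include <ios>
#include <sstream>
#include <string>
// Hypothetical model of [stringbuf.virtuals]/10 with the renaming the issue
// proposes: "basis" is the Table 108 value, "newoff" is basis + off.
struct SeekModel {
    const char* xbeg;      // eback() or pbase()
    const char* xnext;     // gptr() or pptr()
    const char* high_mark; // one past the last initialized character
};
// Returns the resulting stream position, or -1 on failure.
std::streamoff seekoff_model(const SeekModel& m, std::streamoff off,
                             std::ios_base::seekdir way) {
    // Null-pointer check comes first, so no nullptr arithmetic is ever done.
    // Model assumption: with no buffer the only representable position is 0.
    if (m.xbeg == nullptr || m.xnext == nullptr) {
        return off == 0 ? 0 : -1;
    }
    std::streamoff basis = 0;                       // ios_base::beg
    if (way == std::ios_base::cur) {
        basis = m.xnext - m.xbeg;
    } else if (way == std::ios_base::end) {
        basis = m.high_mark - m.xbeg;
    }
    const std::streamoff newoff = basis + off;      // the value actually used
    // Reject positions before the start or beyond the initialized characters.
    if (newoff < 0 || newoff > m.high_mark - m.xbeg) {
        return -1;
    }
    return newoff;
}
// Constructed sample: seek 3 from the current (initial) read position.
std::streamoff model_cur_plus3() {
    static const std::string s = "hello world";
    SeekModel m{s.data(), s.data(), s.data() + s.size()};
    return seekoff_model(m, 3, std::ios_base::cur);
}
// The same seek on a real std::stringbuf; implementations return newoff + off.
std::streamoff real_cur_plus3() {
    std::stringbuf sb("hello world");
    return sb.pubseekoff(3, std::ios_base::cur, std::ios_base::in);
}
// A write-side seek on a read-only buffer: pptr() is null, so it must fail.
std::streamoff real_readonly_out_seek() {
    std::stringbuf ro("hello", std::ios_base::in);
    return ro.pubseekoff(100, std::ios_base::beg, std::ios_base::out);
}
```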

History
Date                 User   Action  Args
2018-04-22 15:57:42  admin  set     messages: + msg9826
2018-04-07 00:00:00  admin  create