Wrong implementation for set_cstr for bounded strings about mlib HOT 16 CLOSED

this implementation also seems off and risky, since the last argument is actually count that could be used as s1[count]

from mlib.

Maybe something like that would do?

from mlib.

Another problem is that strcpy_s guarantees null-termination, but your bound strings may be non-null terminated.

from mlib.

Hmm, you are using strlen in you bounded string size method. That is strange and contradicts with my statement above. Now I see you have max_size + 1 as an array. But you still have to refactor the usage of strncpy

from mlib.

You can even end up with an invalid state since currently:

from mlib.

You could just

or maybe rewrite the m_core_strncpy to M_core_strncpy_s and use it everywhere afterwards.

from mlib.

this method is also implemented incorrectly. the size of the destination buffer can't be removed that simply and the m_core_strncat is also wrong in case of using strncat_s, semantically wrong.

from mlib.

An interesting thing. At least in debug build. The strncpy_s actually may write data past zero terminator, so it mast be saved manually and restored (for OOR compatibility.

from mlib.

The issue with strncpy_s and strncat_s should be fixed in master.
This is strange however. All the tests already passed with Visual, and they did trigger this behavior of truncation...
So I don't know why they succeed...

this method is also implemented incorrectly. the size of the destination buffer can't be removed that simply

Which method?

from mlib.

This is strange however. All the tests already passed with Visual, and they did trigger this behavior of truncation...
So I don't know why they succeed...

It is because there was a constraint violation (as you notice), the default runtime handler is called which terminates the program and returns a negative error code to the caller! This is not handled by the script which assumes a successful termination. (It is fixed in master).

from mlib.

Which method?
bounded string's equal str p

from mlib.

Are you sure about your re-implementation? I've coped with the issue with _s variants. Seems like it is not that bad of an idea to use the secure methods on the bounded strings, since their size is statically defined.

from mlib.

Which method?
bounded string's equal str p

I see no issue with _equal_str_p of bounded string.

Are you sure about your re-implementation?

As sure as the tests passed

from mlib.

I see no issue with _equal_str_p of bounded string.

In case you've also reimplemented the cat method yourself, there might be no issue. But there WAS one.

As sure as the tests passed

I've implemented _s variants through non-_s like so and all tests have also passed ;)

from mlib.

In case you've also reimplemented the cat method yourself, there might be no issue. But there WAS one.

Yes, the service that used the cat method was wrong. But _equal_str_p doesn't use this cat method :)

from mlib.

Maybe I've misrememeber =)
Ok, closing the issue.

from mlib.