Robert Ramey wrote: Todd Greer wrote:

...

1. The sense of the check of the flags against no_xml_tag_checking is reversed. By default, checking of xml tag names is not done, contrary to the documentation. If no_xml_tag_checking is passed in as a flag, tag checking is enabled.

...

My recommended fix for (1) would be to change no_xml_tag_checking to check_xml_tags, and to change the documentation to reflect this. While the more obvious solution would be to simply fix the comparison, this would introduce a silent behavioral change. My recommended fix will fail to compile for those that have specified no_xml_tag_checking, thus alerting them to the change.

I prefer the more obvious fix as I don't want to change the docs and all the other switches are no_...

I have no objection to that.

...

My recommended fix for (2) is to replace the excerpted code with:

...

if(0 != (this->get_flags() & check_xml_tags) && rv.object_name != name)

Hmmm - don't we have the same problem here? That is if the object name read is larger than "name" we could still overflow something.

In this case, rv.object_name is a std::string. std::string defines an operator!=(string const& a, char const* b) that has well defined semantics regardless of the lengths of a and b. It just requires that b is a valid c-style string. -- Todd Greer <tgreer <at> affinegy dot com> Senior Software Developer, Affinegy LLC