[serialization] Enum loading may lead to uninitialized value [Ask for change]

Hi! I found that template boost::archive::detail::load_enum_type (boost\archive\detail\iserializer.hpp) may overwrite the enum value being loaded with an uninitialized one. See comments:

    template<class Archive, class T>
    struct load_enum_type {
        static void invoke(Archive &ar, T &t){
            int i;                                          // Initialize 'i' with trash
            ar >> boost::serialization::make_nvp(NULL, i);  // Imagine: some code in archive skips loading
            t = static_cast<T>(i);                          // Ooops, get the trash into 't'
        }
    };

I think it is more secure to initialize 'i' from 't'. So, if the archive's code skips loading, we just get 't' unchanged instead of corrupted. Perhaps someone can fix this in svn?

Andrey Upadyshev

P.S. Sorry for my English.

AMDG

Andrey Upadyshev wrote:
> I found that template boost::archive::detail::load_enum_type (boost\archive\detail\iserializer.hpp) may overwrite the enum value being loaded with an uninitialized one. See comments:
>
>     template<class Archive, class T>
>     struct load_enum_type {
>         static void invoke(Archive &ar, T &t){
>             int i;                                          // Initialize 'i' with trash
>             ar >> boost::serialization::make_nvp(NULL, i);  // Imagine: some code in archive skips loading
>             t = static_cast<T>(i);                          // Ooops, get the trash into 't'
>         }
>     };
>
> I think it is more secure to initialize 'i' from 't'. So, if the archive's code skips loading, we just get 't' unchanged instead of corrupted. Perhaps someone can fix this in svn?

Why should an archive skip loading? If it fails for some reason, it ought to throw an exception. If this is really an important use case, the entire library will probably need to be reviewed, as I highly doubt that it was written with that in mind.

Also, all that the archive will see is the load of an int. How can it possibly distinguish loading an int that it can safely skip from loading an int that is needed to parse the archive format correctly?

In Christ,
Steven Watanabe

Steven Watanabe wrote:
> AMDG
>
> Andrey Upadyshev wrote:
>> I found that template boost::archive::detail::load_enum_type (boost\archive\detail\iserializer.hpp) may overwrite the enum value being loaded with an uninitialized one. See comments:
>>
>>     template<class Archive, class T>
>>     struct load_enum_type {
>>         static void invoke(Archive &ar, T &t){
>>             int i;                                          // Initialize 'i' with trash
>>             ar >> boost::serialization::make_nvp(NULL, i);  // Imagine: some code in archive skips loading
>>             t = static_cast<T>(i);                          // Ooops, get the trash into 't'
>>         }
>>     };
>>
>> I think it is more secure to initialize 'i' from 't'. So, if the archive's code skips loading, we just get 't' unchanged instead of corrupted. Perhaps someone can fix this in svn?
>
> Why should an archive skip loading? If it fails for some reason, it ought to throw an exception. If this is really an important use case, the entire library will probably need to be reviewed, as I highly doubt that it was written with that in mind.

Imagine an archive that deserializes from some DOM-like tree (built from XML or JSON or probably some other document format) in 'non-strict' mode. 'Non-strict' mode means that the archive just skips deserialization of nonexistent tree nodes (and keeps the values that refer (through the nvp) to these nodes (and all subnodes) unchanged).

> Also, all that the archive will see is the load of an int. How can it possibly distinguish loading an int that it can safely skip from loading an int that is needed to parse the archive format correctly?

It doesn't need to distinguish; it just skips regardless of type.

Now I have a JSON archive with the described 'non-strict' deserialization behaviour. I use it for a JSON-RPC implementation and for loading users' config files. And for all types except enums it works well. Hm... perhaps I am trying to use the serialization library for something other than its purpose?

Andrey Upadyshev
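The mock below is added here as an illustration; it is not code from Boost or from either poster. It reproduces the situation Andrey describes in his first and last messages: a hypothetical DOM-backed input archive (`TreeArchive`, constructed for this example) that either silently skips a missing node in non-strict mode or throws in strict mode, which is what Steven says an archive ought to do. `load_enum_original` mirrors the shape of `load_enum_type::invoke`, with a constructed sentinel (`kTrash`) standing in for the indeterminate `int i` because reading a truly uninitialized int is undefined behaviour, and `load_enum_fixed` seeds `i` from `t` as Andrey proposes. The `nvp`/`make_nvp` helpers, the enum `Color`, the node name `"value"` and the driver functions are all stand-ins, not the Boost types.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Stand-in for boost::serialization::nvp<T> (constructed for this example).
template <class T>
struct nvp {
    const char* name;
    T& value;
};
template <class T>
nvp<T> make_nvp(const char* name, T& v) { return nvp<T>{name, v}; }

// Fixed underlying type so that any int is a representable Color value.
enum Color : int { Red = 1, Green = 2, Blue = 3 };

// Hypothetical DOM-backed input archive. `node_present` models whether the
// requested tree node exists; `strict` chooses throw-on-missing (what an
// archive "ought" to do) versus skip-and-leave-untouched (non-strict mode).
struct TreeArchive {
    bool node_present;
    int  stored;   // the int held by the node when it is present
    bool strict;

    TreeArchive& operator>>(nvp<int> p) {
        if (node_present) {
            p.value = stored;
            return *this;
        }
        if (strict)
            throw std::runtime_error(std::string("missing node: ") + p.name);
        return *this;  // non-strict: skip, p.value is left as the caller set it
    }
};

// Constructed sentinel that plays the role of stack garbage. The real
// load_enum_type has `int i;`; reading that is undefined behaviour, so the
// example substitutes a recognisable value instead.
const int kTrash = 0x5A5A5A5A;

// Mirrors the shape of boost::archive::detail::load_enum_type::invoke.
template <class Archive, class T>
struct load_enum_original {
    static void invoke(Archive& ar, T& t) {
        int i = kTrash;                   // stands in for uninitialized `int i;`
        ar >> make_nvp("value", i);       // may be skipped by a non-strict archive
        t = static_cast<T>(i);            // skipped load => trash reaches t
    }
};

// The proposed change: seed the temporary from the enum's current value so a
// skipped load leaves t unchanged.
template <class Archive, class T>
struct load_enum_fixed {
    static void invoke(Archive& ar, T& t) {
        int i = static_cast<int>(t);
        ar >> make_nvp("value", i);
        t = static_cast<T>(i);
    }
};

// Drive one load with t pre-set to Green and the tree holding Blue.
// Returns the int value that ends up in t.
int load_original(bool node_present, bool strict) {
    Color c = Green;
    TreeArchive ar{node_present, static_cast<int>(Blue), strict};
    load_enum_original<TreeArchive, Color>::invoke(ar, c);
    return static_cast<int>(c);
}

int load_fixed(bool node_present, bool strict) {
    Color c = Green;
    TreeArchive ar{node_present, static_cast<int>(Blue), strict};
    load_enum_fixed<TreeArchive, Color>::invoke(ar, c);
    return static_cast<int>(c);
}

// In strict mode a missing node is an error, not a silent skip.
bool strict_mode_throws() {
    try {
        load_fixed(false, true);
    } catch (const std::runtime_error&) {
        return true;
    }
    return false;
}

int main() {
    std::printf("node present, original: %d\n", load_original(true, false));    // 3 (Blue)
    std::printf("node missing, original: %#x\n", load_original(false, false));  // 0x5a5a5a5a (trash)
    std::printf("node present, fixed:    %d\n", load_fixed(true, false));       // 3 (Blue)
    std::printf("node missing, fixed:    %d\n", load_fixed(false, false));      // 2 (Green kept)
    std::printf("strict mode throws on missing node: %s\n",
                strict_mode_throws() ? "yes" : "no");                           // yes
    return 0;
}
```

With the node present both variants load Blue; with it missing in non-strict mode, the original shape hands whatever was in `i` to `t`, while the seeded variant leaves Green in place. Strict mode sidesteps the question entirely by throwing, which is the behaviour Steven's reply assumes every archive has.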