You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
auto ts = [](size_t x){ returnstd::to_string(x); };
std::string msg = std::string("Target buffer size is smaller than source: [source size, buffer size]")
+s+ ts(source_size) +s+ ts(target_size);
return msg.c_str();
This code trigger -Wreturn-stack-address since this is not a known at compile time string, and thus the content of the string will be use after free by the caller. Ideally if the exception would just return a string for each implementation, there will be no issue.
The text was updated successfully, but these errors were encountered:
I think that if the string msg is stored (like in some other exception classes) as a member then this should be good. But this will certainly break ABI.
Use static string object for keeping the c_str message for the caller.
Strings collection used as an alternative to memory leaks done via strdup().
To add, TargetBufferSmallerThanSource Exception should never happen in a correctly written library client, as this completely depends on the implementation and not on the communication with the device
Downside: if missed and when occurring too often, the memory taken by the exception messages can take too much memory.
Potential improvement: replace std::vector with a kind of a ring buffer, or add simple wrapping logic over it.
This should avoid breaking ABI by using static memory. Note: there might be multiple exceptions' strings collections (for each compilation unit including this header).
Correct that for libnitrokey 4, by keeping string as a member of the exception.
Fixes#214Fixes#217
libnitrokey/libnitrokey/LibraryException.h
Lines 49 to 54 in d22a0d2
This code trigger -Wreturn-stack-address since this is not a known at compile time string, and thus the content of the string will be use after free by the caller. Ideally if the exception would just return a string for each implementation, there will be no issue.
The text was updated successfully, but these errors were encountered: