Introduce std::string_view into wider use #14368
Code looks good. Haven't smoke-tested yet.
For the future, it would be nice if we could handle the use of `std::string_view` like const correctness:

```cpp
void fun(const T *); // if this is good enough
void fun(T *); // then don't use this
void fun(std::string_view); // if this is good enough
void fun(const std::string &); // then don't use this
```
@@ -313,14 +324,34 @@ inline std::string trim(const std::string &str) | |||
return str.substr(front, back - front); | |||
} | |||
|
|||
// If input was a temporary string keep it one to make sure patterns like | |||
// trim(func_that_returns_str()) are predictable regarding memory allocation | |||
// and don't lead to UAF. ↓ ↓ ↓ |
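Review bot: The comment that closes this hunk is hard to parse ("keep it one") and leaves the caller-facing contract implicit. Suggest saying directly that a call with a temporary returns an owning std::string, that any view-returning variant is only valid while its argument is alive, and spelling out "use-after-free" once instead of "UAF".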
It only leads to UaFs if the string view is accessed outside of the full expression, right?
So `std::string a = std::string(trim(func_that_returns_str()));`, for example, should be fine anyways.

It's a bit weird to have two `trim` with different signatures. Could rename them to `trim_v` and `trim_s`.
I think that should be fine yes.
The problem would exist if you do `auto a = trim(func_that_returns_str());`. The string goes out of scope at the end of the line.

Generally I did this so I don't have to touch the many usages of `trim` that work like this.

I can add a `// TODO: this function should be removed or renamed to trim_s to make the distinction clear.` if you think that's a good idea.
> I can add a `// TODO: this function should be removed or renamed to trim_s to make the distinction clear.` if you think that's a good idea.

Idk. I guess the overloaded `trim` is fine for now. ¯\_(ツ)_/¯
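The lifetime point discussed in this thread, as an added example that is not the PR's own code: a view-returning `trim` plus an owning overload for temporaries, so that `auto a = trim(func_that_returns_str());` deduces `std::string` instead of a dangling view. The function bodies, the `const char *` overload, the helper names and the sample string are assumptions of this example.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <string_view>
#include <type_traits>
#include <utility>

// Borrowing overload: no allocation; the result points into the caller's buffer.
inline std::string_view trim(std::string_view str)
{
    std::size_t front = 0, back = str.size();
    while (front < back && std::isspace(static_cast<unsigned char>(str[front])))
        ++front;
    while (back > front && std::isspace(static_cast<unsigned char>(str[back - 1])))
        --back;
    return str.substr(front, back - front);
}

// Owning overload: selected for temporaries, so the result outlives the argument.
inline std::string trim(std::string &&str)
{
    return std::string(trim(std::string_view(str)));
}

// Assumption of this example: without this overload a string literal would be
// ambiguous between the two above (each needs a user-defined conversion).
inline std::string_view trim(const char *str) { return trim(std::string_view(str)); }

// Constructed stand-in for func_that_returns_str() from the thread.
std::string func_that_returns_str() { return "  padded value  "; }

// Overload resolution, checked at compile time: temporary -> owner, lvalue -> view.
static_assert(std::is_same_v<decltype(trim(func_that_returns_str())), std::string>);
static_assert(std::is_same_v<decltype(trim(std::declval<const std::string &>())), std::string_view>);

std::string trimmed_from_temporary()
{
    auto a = trim(func_that_returns_str()); // deduces std::string, owns its bytes
    return a;
}

bool view_borrows_from_lvalue()
{
    std::string s = "  padded value  ";
    std::string_view v = trim(s); // valid only while s is alive and unmodified
    return v.data() == s.data() + 2 && v.size() == 12;
}

int main() { std::cout << '[' << trimmed_from_temporary() << "]\n"; }
```
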
Definitely. Feel free to write this down in the guidelines.
Tested shortly with asan, ubsan and leaksan. Found no issues.
Done.
LGTM. Thank you.
lots of general conversion and many low hanging fruits
To do
This PR is Ready for Review.
How to test