Thalhammer / jwt-cpp

A header only library for creating and validating json web tokens in c++
https://thalhammer.github.io/jwt-cpp/
MIT License

Reserve & append string in json_traits sign #263

Closed JaredTherriault closed 1 year ago

JaredTherriault commented 1 year ago

iOS crashes when calling sign twice in the same instance - this fix reserves the string memory ahead of time to prevent this.

Thalhammer commented 1 year ago

No offense, but this seems like a workaround for a problem in your code/compiler/stl. If I understood it correctly it boils down to:

std::string str3 = str1 + str2;

vs

std::string str3;
str3.reserve(str1.size() + str2.size());
str3.append(str1);
str3.append(str2);

which according to the standard should behave exactly the same. The latter might be slightly more efficient as it prevents a realloc of the buffer, but that shouldn't cause crashes. I feel like there's some sort of race condition or something like that, that's now hidden because the resize causes the timing to shift slightly enough to not cause issues anymore.

Can you provide more details on where it crashes (e.g. a stack trace)?

OpenSSL (and by extension jwt-cpp) is not thread-safe by default on most platforms, and jwt-cpp makes no attempt at being so either, so if you reuse the same instance make sure not to do so from two threads at the same time.

Thalhammer commented 1 year ago

@JaredTherriault Any update?

prince-chrismc commented 1 year ago

I'll close this for now; if you have more information, feel free to reopen.