mattreecebentley / plf_hive

plf::hive is a fork of plf::colony to match the current C++ standards proposal.
https://plflib.org/colony.htm
zlib License

Invalid read in unique() #15

Closed Quuxplusone closed 2 years ago

Quuxplusone commented 2 years ago

hive::unique currently looks like this:

for(const_iterator current = cbegin(), end = cend(), previous; current != end;)
{
        previous = current++;

        if (compare(*current, *previous))
        {

Suppose the hive has size 1, we set current to cbegin(), increment it with current++ so now it's at end(), and then dereference it. This can cause a segfault if things line up just right. For example, this segfaults on my machine:

#include "plf_hive.h"
#include <cassert>

int main() {
    plf::hive<int> h = {1, 2, 1, 0, 2, 1, 0, 1, 2, 0};
    // On the final pass previous is the last element and current++ lands on end(),
    // which unique() then dereferences.
    h.unique();
}

Seems pretty simple to fix; you just have to check current == end before dereferencing it.
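As an added example (not the plf_hive code), the same loop shape with the missing `current == end` check in place. It uses std::list as a stand-in for plf::hive so it builds without plf_hive.h; `unique_fixed` is a hypothetical name, and the erase-then-reset step assumes list-style erase semantics.

```cpp
// Added example, not taken from plf_hive: the unique() loop from the issue with
// the end() check inserted after the post-increment, so a container of size 1
// (or the last element of any container) never dereferences end().
#include <cstddef>
#include <functional>
#include <iostream>
#include <list>

template <typename Container,
          typename Compare = std::equal_to<typename Container::value_type>>
std::size_t unique_fixed(Container& c, Compare compare = Compare())
{
    std::size_t removed = 0;

    for (auto current = c.begin(), end = c.end(), previous = current; current != end;)
    {
        previous = current++;

        // The check the issue asks for: after the increment, current may be end(),
        // which must not be dereferenced.
        if (current == end)
            break;

        if (compare(*current, *previous))
        {
            // Erase the adjacent duplicate, then restart from previous so the
            // next pass compares previous against the element that followed
            // the erased one.
            c.erase(current);
            ++removed;
            current = previous;
        }
    }

    return removed;
}

int main()
{
    // The input from the issue report: no adjacent duplicates, so nothing is removed.
    std::list<int> h = {1, 2, 1, 0, 2, 1, 0, 1, 2, 0};
    std::cout << "removed " << unique_fixed(h) << ", size now " << h.size() << '\n';

    // The size-1 case from the report: the loop exits before dereferencing end().
    std::list<int> single = {42};
    std::cout << "removed " << unique_fixed(single) << ", size now " << single.size() << '\n';
}
```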

mattreecebentley commented 2 years ago

Thanks, fixed in beta

On 25/04/2022 10:13 am, Quuxplusone wrote: