Skip to content

Creating a std::string with a null pointer is undefined behaviour #3220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 9, 2024
Merged

Creating a std::string with a null pointer is undefined behaviour #3220

merged 1 commit into from
Aug 9, 2024

Conversation

@eduar-hte
Copy link
Contributor

@eduar-hte eduar-hte commented Aug 8, 2024
edited
Loading

what

Minor changes to avoid initializing a std::string with a null pointer.

why

cppreference mentions this about the constructor that receives a const char * (see here):

9) Constructs the string with the contents initialized with a copy of the null-terminated
character string pointed to by s. The length of the string is determined by the first null
character. The behavior is undefined if [s, s + Traits::length(s)) is not a valid range (for
example, if s is a null pointer).

references

C++23 introduces a deleted constructor to prevent this in static scenarios, which is how this issue was detected.
@eduar-hte
Creating a std::string with a null pointer is undefined behaviour.
30a68de 
- cppreference mentions this about the constructor that receives a
  const char *:
  - Constructs the string with the contents initialized with a copy of
    the null-terminated character string pointed to by s. The length of
    the string is determined by the first null character. The behavior
    is undefined if [s, s + Traits::length(s)) is not a valid range
    (for example, if s is a null pointer).
- C++23 introduces a deleted constructor to prevent this in static
  scenarios, which is how this issue was detected.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 8, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint
airween
airween approved these changes Aug 9, 2024
View reviewed changes
Copy link
Member

@airween airween left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks!
@airween airween merged commit 7bdc3c8 into owasp-modsecurity:v3/master Aug 9, 2024
@eduar-hte eduar-hte deleted the string-null branch August 9, 2024 17:12
@eduar-hte eduar-hte mentioned this pull request Aug 12, 2024
Open
@marcstern marcstern added the 3.x Related to ModSecurity version 3.x label Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3.x Related to ModSecurity version 3.x

3 participants

@eduar-hte @airween @marcstern