[Secure Coding] master: C++: Subscripting to read the NUL character in std::string not supported (e6ed150)
fweimer at fedoraproject.org
fweimer at fedoraproject.org
Thu Sep 19 15:11:38 UTC 2013
Repository : http://git.fedorahosted.org/git/?p=secure-coding.git
On branch : master
>---------------------------------------------------------------
commit e6ed150d2b97ffeecfdc00fd04c154307486f87d
Author: Florian Weimer <fweimer at redhat.com>
Date: Thu Sep 19 15:08:53 2013 +0200
C++: Subscripting to read the NUL character in std::string not supported
>---------------------------------------------------------------
defensive-coding/en-US/CXX-Std.xml | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/defensive-coding/en-US/CXX-Std.xml b/defensive-coding/en-US/CXX-Std.xml
index b221949..56e1ad0 100644
--- a/defensive-coding/en-US/CXX-Std.xml
+++ b/defensive-coding/en-US/CXX-Std.xml
@@ -115,6 +115,10 @@
Use the <function>at(size_type)</function> member function
instead. See <xref
linkend="sect-Defensive_Coding-CXX-Std-Subscript"/>.
+ Furthermore, accessing the terminating NUL character using
+ <literal>operator[]</literal> is not possible. (In some
+ implementations, the <literal>c_str()</literal> member function
+ writes the NUL character on demand.)
</para>
<para>
Never write to the pointers returned by
More information about the security
mailing list