[core] Protect a string search from running out of bounds. #21320

Open
hageboeck wants to merge 1 commit into root-project:master from hageboeck:outOfBounds_TClassEdit

@hageboeck
Member

When running gtest-tree-ntuple-ntuple-type-name in address sanitizer, the check for the "const" qualifier ran out of bounds, because the cursor in TClassEdit.cxx:1793 was already at the end of the string, and "next" was one character after its end:

"std::vector<Double32_t[3]   > [10 ]  "
                                       ^

strcmp isn't designed for this case, so this commit adds length checks
before all "strcmp(base+offset, ...)" patterns.

I believe the test worked because the garbage that's read in memory is almost always != 'c' ('o', 'n', ...), and so the comparison is (usually) guaranteed to fail -- until it doesn't.

@hageboeck hageboeck self-assigned this Feb 19, 2026
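
The over-read described in the pull request above, as an added example that is not part of the PR or of ROOT's code: an unguarded keyword check at `base+offset` beside one that checks the length first. The helper names, the use of `strncmp` for the prefix match, and the sample buffer with stale bytes after the terminator are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical helpers for illustration; names are not from TClassEdit.cxx.

// Unguarded: compares at base+offset without checking that offset is
// still inside the string.
bool hasConstAtUnguarded(const char *base, std::size_t offset)
{
   return std::strncmp(base + offset, "const", 5) == 0;
}

// Guarded: the length check runs first, so base+offset is only read
// when the whole keyword fits inside [0, len).
bool hasConstAtGuarded(const char *base, std::size_t len, std::size_t offset)
{
   constexpr std::size_t kw = 5; // strlen("const")
   if (offset > len || len - offset < kw)
      return false;
   return std::strncmp(base + offset, "const", kw) == 0;
}

// Constructed sample: the type name from the PR description, its NUL
// terminator, then stale bytes that happen to spell "const". Keeping it
// all in one array makes the read past the terminator well defined here.
struct Sample {
   char buf[64];
   std::size_t len;
};

Sample makeSample()
{
   Sample s{};
   const char *name = "std::vector<Double32_t[3]   > [10 ]  ";
   s.len = std::strlen(name);
   std::memcpy(s.buf, name, s.len + 1);        // name plus terminator
   std::memcpy(s.buf + s.len + 1, "const", 6); // stale bytes after the end
   return s;
}

int main()
{
   Sample s = makeSample();
   std::size_t next = s.len + 1; // one character after the end
   std::printf("unguarded: %d\n", hasConstAtUnguarded(s.buf, next));
   std::printf("guarded:   %d\n", hasConstAtGuarded(s.buf, s.len, next));
   return 0;
}
```

In this sample the unguarded check reports a `const` qualifier that is not in the type name, while the guarded check rejects the position before touching memory.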
@ferdymercury
Collaborator

Thanks!
Maybe a bit related:
#9029
#10454

@hageboeck
Member Author

> Thanks! Maybe a bit related: #9029 #10454

Unfortunately not enough related that I would have time to go after those. 😅

@github-actions

github-actions bot commented Feb 19, 2026

Test Results

    22 files      22 suites   3d 6h 36m 25s ⏱️
 3 795 tests  3 790 ✅ 0 💤 5 ❌
76 350 runs  76 345 ✅ 0 💤 5 ❌

For more details on these failures, see this check.

Results for commit b09b756.

♻️ This comment has been updated with latest results.

Member

@pcanal pcanal left a comment

Thanks.

@hageboeck hageboeck added the skip code analysis Skip the code analysis CI steps for this PR, including verifying clang-formatting and running Ruff. label Feb 19, 2026