3097. basic_stringbuf seekoff effects trigger undefined behavior and have contradictory returns

Section: 31.8.2.5 [stringbuf.virtuals] Status: New Submitter: Billy O'Neal III Opened: 2018-04-07 Last modified: 2020-09-06

Priority: 3

View other active issues in [stringbuf.virtuals].

View all other issues in [stringbuf.virtuals].

View all issues with New status.

Discussion:

Paragraph citations relative to N4727.

[stringbuf.virtuals]/10 says that newoff might be calculated from xnext - xbegin, or from high_mark - xbegin. After newoff is calculated, it does the null pointer check against and zero offset check. However, that means the effects may have already done nullptr - non-nullptr, or non-nullptr - nullptr, which [expr.add]/5 says is undefined behavior.

Moreover, the attempt at avoiding this problem only tests newoff, not the value actually used which is newoff + off. For example, buf.seekoff(100, ios_base::beg, ios_base::out) on a read-only streambuf would try to assign pptr() + newoff + off to pptr(), but pptr() may have been nullptr, giving nullptr + 0 + 100 which triggers UB. (Perhaps the "refers to an uninitialized character" bit protects that though).

Last, the Returns: element says that it returns newoff, but then also says it returns the resulting stream position, which should be something like newoff + off. (I checked libc++ and MSVC++ and we both return newoff + off)

We probably want to resolve that by renaming the value that comes out of Table 108 to something like "basis" and make "newoff" actually be the new offset instead of the starting offset.

[2018-04-16 Priority set to 3 after discussion on the reflector.]

Proposed resolution: