basic_stringbuf seekoff
effects trigger undefined behavior and have contradictory returnsSection: 31.8.2.5 [stringbuf.virtuals] Status: New Submitter: Billy O'Neal III Opened: 2018-04-07 Last modified: 2020-09-06
Priority: 3
View other active issues in [stringbuf.virtuals].
View all other issues in [stringbuf.virtuals].
View all issues with New status.
Discussion:
Paragraph citations relative to N4727.
[stringbuf.virtuals]/10 says that newoff
might be calculated from xnext - xbegin
,
or from high_mark - xbegin
. After newoff
is calculated, it does the null pointer
check against and zero offset check. However, that means the effects may have already done
nullptr -
non-nullptr
, or non-nullptr - nullptr
, which [expr.add]/5 says
is undefined behavior.
newoff
, not the value actually used
which is newoff + off
. For example, buf.seekoff(100, ios_base::beg, ios_base::out)
on a read-only streambuf
would try to assign pptr() + newoff + off to pptr()
, but
pptr()
may have been nullptr
, giving nullptr + 0 + 100
which triggers UB.
(Perhaps the "refers to an uninitialized character" bit protects that though).
Last, the Returns: element says that it returns newoff
, but then also says it returns
the resulting stream position, which should be something like newoff + off
. (I checked libc++
and MSVC++ and we both return newoff + off
)
We probably want to resolve that by renaming the value that comes out of Table 108 to something like
"basis
" and make "newoff
" actually be the new offset instead of the starting offset.
[2018-04-16 Priority set to 3 after discussion on the reflector.]
Proposed resolution: