Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.2.12
-
None
Description
the function String::c_ptr() has a debug assert to ensure there was room for a /0 terminator. This may be false in the following series.
Start with a string where str_length == Alloced_length - 1.
Append a single character such that this is called:
inline bool append(char chr) |
{
|
if (str_length < Alloced_length) |
{
|
Ptr[str_length++]=chr;
|
}
|
else |
{
|
if (realloc_with_extra(str_length + 1)) |
return 1; |
Ptr[str_length++]=chr;
|
}
|
return 0; |
}
|
The character is added, wiping out the /0 and creating a situation where str_length == Alloced_length and if c_ptr() is called next, the debug assert aborts.