Opened 2 years ago

Closed 10 months ago

#12253 closed Bugs (fixed)

UUID Valid String Semantics are Erratic

Reported by: Aaron <dartme18@…> Owned by: James E. King, III
Milestone: Boost 1.66.0 Component: uuid
Version: Boost 1.60.0 Severity: Problem
Keywords: Cc: dartme18@…


In boost/uuid/string_generator.hpp unsigned char get_value(char c) const, the hex characters [0123456789abcdefABCDEF] are handled explicitly, and any other character is treated as 0xFF (255). However, from line 89 (within operator()), if there is a dash in the ninth character, but not in the fourteenth, etc., throw_invalid is called. That means that the uuid "Have a great big roast-beef sandwich!" will not throw, but "01234567-89abcdef-0123-456789abcdef" will.

Instead of allowing most invalid characters (excepting dashes and lack of braces in certain positions), we should disallow anything but the standard hex digits as digits. Besides the brace and dash handling as it currently is, only [0123456789abcdefABCDEF] should be allowed.

Attachments (0)

Change History (7)

comment:1 Changed 2 years ago by Michel Morin

Component: Noneuuid
Owner: set to Andy Tompkins

comment:2 Changed 11 months ago by jim.king@…

I can confirm this behavior in boost 1.62 as well:

    //! Convert a string to a GUID
    inline GUID stog(const std::string& gs)
        BOOST_STATIC_ASSERT(sizeof(GUID) == sizeof(boost::uuids::uuid));
        GUID result;
        memcpy(&result, boost::uuids::string_generator()(gs).data, sizeof(GUID));
        return result;

Sitting in the debugger, we see I passed in an invalid uuid string but I got back a GUID that has FFFF in place of the "zzzz" I put in there:

+	gs	                   "83f8638b-8dca-4152-zzzz-2ca8b33039b4"	const 
+	&result	0x0000005305f9ed38 {8B63F883-CA8D-5241-FFFF-2CA8B33039B4}	_GUID *

I would also like to see the parser here changed to be much more strict.

comment:3 Changed 11 months ago by James E. King, III <jking@…>

A fix for this can be found in PR

comment:4 Changed 11 months ago by James E. King, III <jking@…>

Milestone: Boost 1.61.0To Be Determined

I changed the milestone from 1.61.0 to "To Be Determined" because it wasn't fixed in 1.61.0

comment:5 Changed 10 months ago by James E. King, III

Owner: changed from Andy Tompkins to James E. King, III

comment:6 Changed 10 months ago by James E. King, III

Milestone: To Be DeterminedBoost 1.66.0

comment:7 Changed 10 months ago by James E. King, III

Resolution: fixed
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain James E. King, III.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.