Opened 19 months ago

Closed 4 months ago

#12253 closed Bugs (fixed)

UUID Valid String Semantics are Erratic

Reported by: Aaron <dartme18@…> Owned by: James E. King, III
Milestone: Boost 1.66.0 Component: uuid
Version: Boost 1.60.0 Severity: Problem
Keywords: Cc: dartme18@…


In boost/uuid/string_generator.hpp unsigned char get_value(char c) const, the hex characters [0123456789abcdefABCDEF] are handled explicitly, and any other character is treated as 0xFF (255). However, from line 89 (within operator()), if there is a dash in the ninth character, but not in the fourteenth, etc., throw_invalid is called. That means that the uuid "Have a great big roast-beef sandwich!" will not throw, but "01234567-89abcdef-0123-456789abcdef" will.

Instead of allowing most invalid characters (excepting dashes and lack of braces in certain positions), we should disallow anything but the standard hex digits as digits. Besides the brace and dash handling as it currently is, only [0123456789abcdefABCDEF] should be allowed.

Attachments (0)

Change History (7)

comment:1 Changed 18 months ago by Michel Morin

Component: Noneuuid
Owner: set to Andy Tompkins

comment:2 Changed 5 months ago by jim.king@…

I can confirm this behavior in boost 1.62 as well:

    //! Convert a string to a GUID
    inline GUID stog(const std::string& gs)
        BOOST_STATIC_ASSERT(sizeof(GUID) == sizeof(boost::uuids::uuid));
        GUID result;
        memcpy(&result, boost::uuids::string_generator()(gs).data, sizeof(GUID));
        return result;

Sitting in the debugger, we see I passed in an invalid uuid string but I got back a GUID that has FFFF in place of the "zzzz" I put in there:

+	gs	                   "83f8638b-8dca-4152-zzzz-2ca8b33039b4"	const 
+	&result	0x0000005305f9ed38 {8B63F883-CA8D-5241-FFFF-2CA8B33039B4}	_GUID *

I would also like to see the parser here changed to be much more strict.

comment:3 Changed 4 months ago by James E. King, III <jking@…>

A fix for this can be found in PR

comment:4 Changed 4 months ago by James E. King, III <jking@…>

Milestone: Boost 1.61.0To Be Determined

I changed the milestone from 1.61.0 to "To Be Determined" because it wasn't fixed in 1.61.0

comment:5 Changed 4 months ago by James E. King, III

Owner: changed from Andy Tompkins to James E. King, III

comment:6 Changed 4 months ago by James E. King, III

Milestone: To Be DeterminedBoost 1.66.0

comment:7 Changed 4 months ago by James E. King, III

Resolution: fixed
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain James E. King, III.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.