Opened 3 years ago

Closed 16 months ago

#12253 closed Bugs (fixed)

UUID Valid String Semantics are Erratic

Reported by: Aaron <dartme18@…>
Owned by: James E. King, III
Milestone: Boost 1.66.0
Component: uuid
Version: Boost 1.60.0
Severity: Problem
Keywords:
Cc: dartme18@…


In boost/uuid/string_generator.hpp unsigned char get_value(char c) const, the hex characters [0123456789abcdefABCDEF] are handled explicitly, and any other character is treated as 0xFF (255). However, from line 89 (within operator()), if there is a dash in the ninth character, but not in the fourteenth, etc., throw_invalid is called. That means that the uuid "Have a great big roast-beef sandwich!" will not throw, but "01234567-89abcdef-0123-456789abcdef" will.

Instead of allowing most invalid characters (excepting dashes and lack of braces in certain positions), we should disallow anything but the standard hex digits as digits. Besides the brace and dash handling as it currently is, only [0123456789abcdefABCDEF] should be allowed.

Change History (7)

comment:1 Changed 3 years ago by Michel Morin

Component: None → uuid
Owner: set to Andy Tompkins

comment:2 Changed 17 months ago by jim.king@…

I can confirm this behavior in boost 1.62 as well:

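    #include <cstring>  // memcpy
    #include <string>
    #include <boost/static_assert.hpp>
    #include <boost/uuid/string_generator.hpp>
    //! Convert a string to a GUID
    inline GUID stog(const std::string& gs)
    {
        BOOST_STATIC_ASSERT(sizeof(GUID) == sizeof(boost::uuids::uuid));
        GUID result;
        memcpy(&result, boost::uuids::string_generator()(gs).data, sizeof(GUID));
        return result;
    }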

Sitting in the debugger, we see I passed in an invalid uuid string but I got back a GUID that has FFFF in place of the "zzzz" I put in there:

+	gs	                   "83f8638b-8dca-4152-zzzz-2ca8b33039b4"	const 
+	&result	0x0000005305f9ed38 {8B63F883-CA8D-5241-FFFF-2CA8B33039B4}	_GUID *

I would also like to see the parser here changed to be much more strict.
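
A strict parser of the kind requested in the description and in comment:2, as an added example that is not part of the ticket, not Boost.Uuid code and not the fix from the PR. The names `uuid_bytes`, `hex_value` and `parse_uuid_strict` are hypothetical, and the accepted forms (32 hex digits, optional dashes in the 8-4-4-4-12 positions, optional matching braces) are an assumption about what should be allowed.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <string>

typedef std::array<std::uint8_t, 16> uuid_bytes;

// Returns 0..15 for a hex digit and -1 for anything else, so an invalid
// character can never turn into a byte value such as 0xFF.
static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Strict parse: exactly 32 hex digits, either undashed or with dashes in the
// 8-4-4-4-12 positions, optionally wrapped in a matching {} pair.
// Hypothetical helper; `out` is written only when the whole string is valid.
bool parse_uuid_strict(std::string s, uuid_bytes& out) {
    if (!s.empty() && s[0] == '{') {
        if (s.size() < 2 || s[s.size() - 1] != '}') return false;
        s = s.substr(1, s.size() - 2);
    }
    const bool dashed = (s.size() == 36);
    if (!dashed && s.size() != 32) return false;

    uuid_bytes tmp = uuid_bytes();
    std::size_t pos = 0;
    for (std::size_t i = 0; i < 16; ++i) {
        // In the dashed form a dash is mandatory before bytes 4, 6, 8 and 10.
        if (dashed && (i == 4 || i == 6 || i == 8 || i == 10)) {
            if (s[pos++] != '-') return false;
        }
        const int hi = hex_value(s[pos++]);
        const int lo = hex_value(s[pos++]);
        if (hi < 0 || lo < 0) return false;  // reject, never substitute
        tmp[i] = static_cast<std::uint8_t>((hi << 4) | lo);
    }
    out = tmp;  // commit only after every character has been validated
    return true;
}

int main() {
    uuid_bytes b;
    // Input string taken from comment:2; exit status 0 means it was rejected.
    return parse_uuid_strict("83f8638b-8dca-4152-zzzz-2ca8b33039b4", b) ? 1 : 0;
}
```

Callers that turn the result into an identifier for lookups or access decisions should treat a `false` return as a hard error rather than falling back to a default UUID.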

comment:3 Changed 17 months ago by James E. King, III <jking@…>

A fix for this can be found in PR

comment:4 Changed 17 months ago by James E. King, III <jking@…>

Milestone: Boost 1.61.0 → To Be Determined

I changed the milestone from 1.61.0 to "To Be Determined" because it wasn't fixed in 1.61.0.

comment:5 Changed 16 months ago by James E. King, III

Owner: changed from Andy Tompkins to James E. King, III

comment:6 Changed 16 months ago by James E. King, III

Milestone: To Be Determined → Boost 1.66.0

comment:7 Changed 16 months ago by James E. King, III

Resolution: fixed
Status: new → closed