Bug in CAtlRegExp (atlrx.h)

Sep 24, 2007 at 10:07 AM

I don't seem to be able to create a new issue on this (server reports error on creation attempt), so I am opening this as a discussion.

This is a copy from

I have recently encountered another bug with ATL's regular expression class, Visual Studio 2005 SP1. Match method jumps beyond of the argument string what can end up with access violation etc.

This is the code to reproduce the problem:

CAtlRegExp<CAtlRECharTraitsA> Expression;
ATLVERIFY(Expression.Parse(" *{^ \\=\\,+ *}( *\\= *(({^ \\,\\\"?})|(\\\"{^\\\"?}\\\")) *)?(\\, *)?", FALSE) == REPARSEERROROK);
static CHAR g_pszValue[] = "realm=\"Session streamed by RTP/RTSP server\", nonce=\"c26b8dbee7f21b41de1f7ef9a56d5695\"";
for(LPCSTR pszPointer = g_pszValue; ; )
CAtlREMatchContext<CAtlRECharTraitsA> MatchContext;
LPCSTR pszNewPointer;
if(!Expression.Match(pszPointer, &MatchContext, &pszNewPointer))
ATLASSERT(pszNewPointer <= gpszValue + strlen(gpszValue) + 1);
pszPointer = pszNewPointer;

The code stops at ATLASSERT. I have a VS 2005 project reproducing this which I would attach if there were an option.

And this is what I believe to be a fix for the problem (atlrx.h):


// FIX: Roman's fix for !*szCurrInput bug
#if TRUE
if(*szCurrInput == '\0')
goto Error;

sz = CharTraits::Next(szCurrInput);
szCurrInput = sz;
if (*sz == '\0')
goto Error;
ip = 0;
pContext->m_nTos = 0;

I hope this information is useful.