<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 3097: basic_stringbuf seekoff effects trigger undefined behavior and have contradictory returns</title>
<meta property="og:title" content="Issue 3097: basic_stringbuf seekoff effects trigger undefined behavior and have contradictory returns">
<meta property="og:description" content="C++ library issue. Status: New">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue3097.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#New">New</a> status.</em></p>
<h3 id="3097"><a href="lwg-active.html#3097">3097</a>. <code>basic_stringbuf seekoff</code> effects trigger undefined behavior and have contradictory returns</h3>
<p><b>Section:</b> 31.8.2.5 <a href="https://wg21.link/stringbuf.virtuals">[stringbuf.virtuals]</a> <b>Status:</b> <a href="lwg-active.html#New">New</a>
 <b>Submitter:</b> Billy O'Neal III <b>Opened:</b> 2018-04-07 <b>Last modified:</b> 2020-09-06</p>
<p><b>Priority: </b>3
</p>
<p><b>View other</b> <a href="lwg-index-open.html#stringbuf.virtuals">active issues</a> in [stringbuf.virtuals].</p>
<p><b>View all other</b> <a href="lwg-index.html#stringbuf.virtuals">issues</a> in [stringbuf.virtuals].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#New">New</a> status.</p>
<p><b>Discussion:</b></p>
<p>
Paragraph citations relative to <a href="https://wg21.link/n4727">N4727</a>.
</p>
<p>
[stringbuf.virtuals]/10 says that <code>newoff</code> might be calculated from <code>xnext - xbegin</code>, 
or from <code>high_mark - xbegin</code>. After <code>newoff</code> is calculated, it does the null pointer 
check and zero offset check. However, that means the effects may have already done 
<code>nullptr -</code> non-<code>nullptr</code>, or non-<code>nullptr - nullptr</code>, which [expr.add]/5 says 
is undefined behavior.
<p/>
Moreover, the attempt at avoiding this problem only tests <code>newoff</code>, not the value actually used, 
which is <code>newoff + off</code>. For example, <code>buf.seekoff(100, ios_base::beg, ios_base::out)</code> 
on a read-only <code>streambuf</code> would try to assign <code>pptr() + newoff + off</code> to <code>pptr()</code>, but 
<code>pptr()</code> may have been <code>nullptr</code>, giving <code>nullptr + 0 + 100</code>, which triggers UB. 
(Perhaps the "refers to an uninitialized character" bit protects that though.)
<p/>
Last, the <i>Returns:</i> element says that it returns <code>newoff</code>, but then also says it returns 
the resulting stream position, which should be something like <code>newoff + off</code>. (I checked libc++ 
and MSVC++ and we both return <code>newoff + off</code>.)
<p/>
We probably want to resolve that by renaming the value that comes out of Table 108 to something like 
"<code>basis</code>" and make "<code>newoff</code>" actually be the new offset instead of the starting offset.
</p>
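<p>
The following program is an added example, not part of the issue text or of any implementation's source. It exercises
<code>std::stringbuf::pubseekoff</code> on a constructed ten-character buffer to make the two points above observable:
a successful seek returns the resulting position (the Table 108 basis plus <code>off</code>, which the issue proposes to
call <code>newoff</code>), and the submitter's read-only scenario must be rejected with <code>pos_type(-1)</code> before any
arithmetic on a null <code>pptr()</code> could take place. The expected values assume an implementation that returns the
resulting position, as the submitter reports for libc++ and MSVC; the helper and function names are the example's own.
</p>

```cpp
#include <iostream>
#include <sstream>
#include <string>

using std::ios_base;

// Perform a seekoff on the buffer and return the result as a plain offset:
// the resulting stream position on success, -1 on failure. pos_type converts
// to streamoff, which is what the "Returns:" element is being compared to.
std::streamoff seek_off(std::stringbuf& sb, std::streamoff off,
                        ios_base::seekdir way, ios_base::openmode which)
{
    return std::streamoff(sb.pubseekoff(off, way, which));
}

// Constructed sample content: ten characters, so the high mark is at 10.
const std::string kSample = "0123456789";

// Case 1: read/write buffer. Seeking the get area from beg/cur/end returns
// the resulting position (basis + off), not the basis taken from Table 108.
std::streamoff seek_rw_beg()  // basis 0, off 3 -> 3 (returning the basis would give 0)
{
    std::stringbuf rw(kSample, ios_base::in | ios_base::out);
    return seek_off(rw, 3, ios_base::beg, ios_base::in);
}
std::streamoff seek_rw_cur()  // basis 3 (gptr - eback), off 2 -> 5
{
    std::stringbuf rw(kSample, ios_base::in | ios_base::out);
    seek_off(rw, 3, ios_base::beg, ios_base::in);
    return seek_off(rw, 2, ios_base::cur, ios_base::in);
}
std::streamoff seek_rw_end()  // basis 10 (high_mark - xbegin), off -4 -> 6
{
    std::stringbuf rw(kSample, ios_base::in | ios_base::out);
    return seek_off(rw, -4, ios_base::end, ios_base::in);
}

// Case 2: the submitter's scenario. The buffer is opened for input only, so
// pptr() is a null pointer. For way == beg the basis is 0, so the
// "xnext is null and newoff != 0" test does not reject the request; only a
// test on the value actually used (newoff + off == 100, past the high mark)
// can. A conforming implementation returns -1 here instead of computing
// nullptr + 0 + 100.
std::streamoff seek_ro_out()
{
    std::stringbuf ro(kSample, ios_base::in);
    return seek_off(ro, 100, ios_base::beg, ios_base::out);
}

// Case 3: a position past the high mark "refers to an uninitialized
// character" and must fail even on a read/write buffer.
std::streamoff seek_past_high_mark()
{
    std::stringbuf rw(kSample, ios_base::in | ios_base::out);
    return seek_off(rw, 100, ios_base::beg, ios_base::in);
}

// Case 4: way == cur with both the get and put areas selected is required
// to fail.
std::streamoff seek_cur_both()
{
    std::stringbuf rw(kSample, ios_base::in | ios_base::out);
    return seek_off(rw, 0, ios_base::cur, ios_base::in | ios_base::out);
}

int main()
{
    std::cout << "rw  in  beg +3   -> " << seek_rw_beg() << '\n'
              << "rw  in  cur +2   -> " << seek_rw_cur() << '\n'
              << "rw  in  end -4   -> " << seek_rw_end() << '\n'
              << "ro  out beg +100 -> " << seek_ro_out() << '\n'
              << "rw  in  beg +100 -> " << seek_past_high_mark() << '\n'
              << "rw  in|out cur 0 -> " << seek_cur_both() << '\n';
}
```

<p>
The three read/write cases are the ones that distinguish "returns <code>newoff</code>" from "returns the resulting
stream position": taken literally, the former would yield 0, 3 and 10 for the beg, cur and end seeks, while implementations
yield 3, 5 and 6. The read-only case shows why the check has to be made on the final offset rather than on the basis.
</p>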

<p><i>[2018-04-16 Priority set to 3 after discussion on the reflector.]</i></p>



<p id="res-3097"><b>Proposed resolution:</b></p>





</body>
</html>
