mirror of
https://github.com/scylladb/scylladb.git
synced 2026-05-30 03:30:49 +00:00
std::string_view is not guaranteed to point to null-terminated string literals; it may point to a substring of such a string or a string which is not null-terminated.

cql_duration() constructor obtains data() pointer from std::string_view and creates another std::string_view from it, after some conditional pointer arithmetic. Constructing a new std::string_view from a raw pointer, without specifying its length, will lead to strlen() being called on the pointer, resulting in undefined behaviour if the string is not null-terminated. Use substr() instead of pointer arithmetic to avoid this problem altogether.

boost::regex_match() invocations also use std::string_view::data(). This leads to strlen() and heap-buffer-overflow if the string is not null-terminated. Invoke the overload which takes an iterator pair instead.

Not a problem on current master, as all callers pass null-terminated strings.
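The two patterns named in the commit message, next to their bounded replacements, as an added example that is not code from the ScyllaDB repository. Assumptions: the function names, the sample buffer and the simplified duration pattern are hypothetical, and std::regex stands in for boost::regex so the block builds with the standard library alone.

```cpp
#include <regex>
#include <string_view>

// Constructed input: the view covers only "-1h30m" inside a larger,
// null-terminated buffer. Reading past the view is therefore well-defined
// here, which makes the over-read observable instead of a crash.
static const char buffer[] = "-1h30m;trailing bytes outside the view";
static const std::string_view input(buffer, 6);

// Pattern described in the commit message: skip an optional sign with
// pointer arithmetic, then rebuild a view from the raw pointer. The length
// is recomputed with strlen(), so the original view's bound is lost.
std::string_view strip_sign_by_pointer(std::string_view s) {
    const char* p = s.data();
    if (!s.empty() && *p == '-') {
        ++p;
    }
    return std::string_view(p);
}

// Replacement described in the commit message: substr() keeps the bound.
std::string_view strip_sign_by_substr(std::string_view s) {
    return (!s.empty() && s.front() == '-') ? s.substr(1) : s;
}

// Hypothetical simplified duration pattern, not the project's regex.
static const std::regex duration_re("(\\d+h)?(\\d+m)?");

// Passing data() alone selects the C-string overload (strlen() again).
bool matches_by_pointer(std::string_view s) {
    return std::regex_match(s.data(), duration_re);
}

// Iterator-pair overload: matching stops at the end of the view.
bool matches_by_iterators(std::string_view s) {
    return std::regex_match(s.begin(), s.end(), duration_re);
}
```

With a view into a buffer that has no terminator at all, the pointer-based variants would read past the allocation, which is the heap-buffer-overflow the commit message refers to.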