Invalid read in TClassEdit #7903

@hageboeck

Description

  • Checked for duplicates

Describe the bug

TClassEdit reads behind the end of a static string to find the type of an STL container.
This breaks address sanitizer builds, because asan immediately stops at the invalid read when rootcling runs.

Expected behavior

It shouldn't read after the end of the string.

To Reproduce

Apply this patch:

--- a/core/foundation/src/TClassEdit.cxx
+++ b/core/foundation/src/TClassEdit.cxx
@@ -13,6 +13,7 @@
  * For the list of contributors see $ROOTSYS/README/CREDITS.             *
  *************************************************************************/
 
+#include <array>
 #include <cstdio>
 #include <cstdlib>
 #include <cassert>
@@ -557,7 +558,9 @@ ROOT::ESTLType TClassEdit::STLKind(std::string_view type)
 
 int   TClassEdit::STLArgs(int kind)
 {
-   static const char  stln[] =// min number of container arguments
+   constexpr int nKind = 14;
+   assert(kind < nKind);
+   static constexpr std::array<char, nKind> stln = // min number of container arguments
       //     vector, list, deque, map, multimap, set, multiset, bitset,
       {    1,     1,    1,     1,   3,        3,   2,        2,      1,
       // forward_list, unordered_set, unordered_multiset, unordered_map, unordered_multimap
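
Review bot: The `assert(kind < nKind);` in `STLArgs` only checks the upper bound and compiles out under NDEBUG, so a release build still indexes `stln` with an out-of-range `kind`, and a negative `kind` passes the assert in every build. Because `kind` is a signed `int`, test `kind >= 0 && kind < nKind` in regular code and return a defined value for out-of-range input rather than relying on the assert alone. The literal `14` also has to be kept in sync with the initializer by hand: `std::array<char, nKind>` zero-fills silently when fewer values are listed, so derive the size from the initializer or document which container list it corresponds to.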

Then build in debug mode. The assertion will fail when RVec shows up in this function, since it is not an STL container.

Setup

master

Sorry, I didn't check which other versions are affected.
