fix(libstore-tests): remove use-after-free bug for StringSource

Unfortunately `StringSource` class is very easy was very easy to misuse because the ctor took a plain `std::string_view` which has a bad habit of being implicitly convertible from an rvalue `std::string`. This lead to unintentional use-after-free bugs. This patch makes `StringSource` much harder to misuse by disabling the ctor from a `std::string &&` (but `const std::string &` is ok). Fix affected tests from libstore-tests. Reformat those tests with clangd's range formatting since the diff is tiny and it seems appropriate.
2025-07-06 00:51:47 +02:00 · 2024-11-06 02:21:35 +03:00 · 2024-11-06 02:21:35 +03:00 · 5bc8957c73
commit 5bc8957c73
parent e65510da56
3 changed files with 16 additions and 22 deletions
--- a/src/libutil/serialise.hh
+++ b/src/libutil/serialise.hh
@ -2,6 +2,7 @@
 ///@file

 #include <memory>
+#include <type_traits>

 #include "types.hh"
 #include "util.hh"
@ -202,7 +203,14 @@ struct StringSource : Source
 {
    std::string_view s;
    size_t pos;
+
+    // NOTE: Prevent unintentional dangling views when an implicit conversion
+    // from std::string -> std::string_view occurs when the string is passed
+    // by rvalue.
+    StringSource(std::string &&) = delete;
    StringSource(std::string_view s) : s(s), pos(0) { }
+    StringSource(const std::string& str): StringSource(std::string_view(str)) {}
+
    size_t read(char * data, size_t len) override;
 };