unsafe string operation?

[tsprinkmeier]

ndppd/src/session.cc

Line 212 in 4f0301f

system(route_cmd.str().c_str());

I believe this line may be unsafe as there is no guarantee that the temporary instance of std::string (and therefore the buffer returned by the c_str() function) persists for the length of the call to system()

I propose the following change:

        // create a copy of the generated string for logging and executing
        const std::string str(route_cmd.str());
        logger::debug()
            << "session::system(" << str << ")";
        
        system(str.c_str());

[SpareSimian]

The call to system() is safe but two temporary std::strings are created, one for logging and one for invoking system(). So the proposed replacement code is slightly more efficient.

The temporary in the current call to system() lives to the end of the statement, after system() returns. So the C string will remain valid for the duration of the call.

[tsprinkmeier]

The temporary in the current call to system() lives to the end of the statement,

I thought the temporary instance was only guaranteed to live long enough to call "c_str()".
It was then eligible for destruction (i.e. before the system call is invoked).
The memory it allocated (i.e. the pointer c_str() returns) is unlikely to have been reused, so the call probably works.

[DanielAdolfsson]

Temporary objects are released at the end of a full-expression- in this case after the function call.
But if you want to reuse route_cmd.str(), you can open a PR

[tsprinkmeier]

I had a bug like this a LONG time ago before preserving temporary objects was a thing.
I'm glad this has been addressed and happy to have learnt something.