Fix reading past end of array.

Fix a bug in the `NonDelegatingGetIids()` implementation that could cause reading past the end of the returned array. `std::copy()` returns a pointer to the next element in the array after the last element copied. The output argument `*array` was being assinged to this pointer after the first copy, causing it to no longer point to the beginning of the array. If the caller tries to access the full array after this, it will read past the end of the array and will miss the first elements of the array. To fix, introduce a new temporary `_array` variable to pass the result of the first copy as the starting point of the second copy. Also add a test that failed before the fix and passes after the fix.
microsoft · Jan 12, 2025 · efc2f0f · efc2f0f
1 parent fd0e959
commit efc2f0f
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/strings/base_implements.h b/strings/base_implements.h
@@ -1033,8 +1033,8 @@ namespace winrt::impl
                     {
                         return error_bad_alloc;
                     }
-                    *array = std::copy(local_iids.second, local_iids.second + local_count, *array);
-                    std::copy(inner_iids.cbegin(), inner_iids.cend(), *array);
+                    auto _array = std::copy(local_iids.second, local_iids.second + local_count, *array);
+                    std::copy(inner_iids.cbegin(), inner_iids.cend(), _array);
                 }
                 else
                 {

diff --git a/test/old_tests/UnitTests/Composable.cpp b/test/old_tests/UnitTests/Composable.cpp
@@ -167,4 +167,20 @@ TEST_CASE("Composable conversions")
 {
     TestCalls(*make_self<Foo>());
     TestCalls(*make_self<Bar>());
-}
+}
+
+TEST_CASE("Composable get_interfaces")
+{
+    struct Foo : Composable::BaseT<Foo, IStringable> {
+        hstring ToString() const { return L"Foo"; }
+    };
+
+    auto obj = make<Foo>();
+    auto iids = winrt::get_interfaces(obj);
+    // BaseOverrides IID gets repeated twice. There are only 4 unique interfaces.
+    REQUIRE(iids.size() >= 4);
+    REQUIRE(std::find(iids.begin(), iids.end(), guid_of<IBase>()) != iids.end());
+    REQUIRE(std::find(iids.begin(), iids.end(), guid_of<IBaseProtected>()) != iids.end());
+    REQUIRE(std::find(iids.begin(), iids.end(), guid_of<IBaseOverrides>()) != iids.end());
+    REQUIRE(std::find(iids.begin(), iids.end(), guid_of<IStringable>()) != iids.end());
+}