Months ago I implemented a component which receives data via UDP-network, deserializes it via Boost::Serialization and starts working with the incoming objects.
After some time of using this component random crashes occured, which I could solve when finding out that someone else is sending data to my UDP-Port.
I solved this problem by simply adding a try/catch around the deserialization:
try
{
boost::archive::text_iarchive inputArchive(incomingData);
inputArchive >> givenElements; //the actual deserialization, here the exception has been thrown in the past
}
catch( boost::archive::archive_exception& ex )
{
std::cout << "Archive Exception during deserializing:" << std::endl;
std::cout << ex.what() << std::endl;
std::cout << "Incom开发者_如何学JAVAing data had the following content:" << std::endl;
std::cout << dataStream.str() << std::endl;
}
The above code sorted out any foreign/corrupt data coming in via network and just deserializes data which was meant to be.
Back then I worked with an older Boost-Version (I don't know really well, 1.44, 1.42?) on a Linux-Machine.
Currently I have to use the component again on a Windows XP machine with a fairly new Boost 1.46.1. Now the problem is, that the try/catch does not seem to filter the foreign/corrupt data anymore. As far as something from that code is incoming, my application crashes without any error-message.
It is not possible for me to change the Port I'm listening to. Besides that I want to create a robust application which ignores data it could not work with instead of crashing.
I'm now wondering if anyone has an idea why this effect occurs? Has Boost been getting less robust? Is this something with the OS? I have no idea and hope this is kind of a question someone who is "more into Boost" could answer.
My answer is not directly related to boost serialization but it is always a good idea to do some validation on incoming data from network before entering deeper logic.
Before diving deep into boost serialization I suggest you :
- Check the size of UDP packet
- If you are using some kind of header do some validation
- Whatever seems appropriate for you case
and then try to deserialize the packet. This way you can filter out foreign packets yourself instead of *relying on boost.
精彩评论