Fix security issue #364 and non-keyword subgraph parsing #376
Conversation
Works around invalidation of bundle property maps (see boostorg#373). The `#if SEHE_UNSTABLE_PROPERTY_MAPS_FIXED` section is there to signal my intent to investigate a generalized fix under that issue. It doubles as literate documentation of the need for the workaround, so it's less likely to bite the unwary.
sehe
changed the title
|
Can confirm this fixes #364 correctly
|
The code was mostly fine (except for unhygienic `using namespace` in places), but it was hard to see what was covered. I've seperated fixtures (sample input + expected output) and this will simplify invoking the ComparisonDriver (test_graph).
Non-keyword graphs never worked (!). This was uncovered because of security issue boostorg#364. parse_subgraph() incorrectly dealt with first_token in the case where the `subgraph` keyword wasn't used.
|
Updated for review comments #364 (comment) |
Eliminating need for manual re-test after review updates PR boostorg#376
|
Added |
|
Do you need to rebase this? It has all the changes from the second PR. (Never mind the Drone failures, they're just a network glitch.) |
Not necessarily. It's how dependent PRs work in Github (note that I started all PRs with the warning and also explicitly stated it before creating them). Therefore, the second PR already had the same dependency, and it worked "fine":
Rebasing first might simplify the revision graph every so slightly (it's why I prefer linear-only history with ff-only merges). As a late thought: should I have edited my name into the authors for test/graphviz_test.cpp? |
|
OK, I'm still a bit confused as to why it is showing all the changes from the second PR, which is merged, but I'll merge this and see what happens. |
(Note: this PR builds in #375 and #374)
Three commits in this PR:
The last one actually fixes #364