json stream: Fix out-of-bound memory access by using *start+size instead of *end

[enrico-samknows]

Fix out-of-bound memory access by using start+size instead of a pointer to the first byte after buffer end.

By using clang AddressSanitizer, I got memory access errors when calling serialize() because the end_ pointer refers to a memory byte that is not owned by anyone (it's actually the first byte after the buffer). This PR fixes the error for me by using start_ and size_ to track the buffer boundaries.

[vinniefalco]

Why doesn't our asan target in CI report this?

[enrico-samknows]

I used ASAN_OPTIONS=detect_invalid_pointer_pairs=2. Is yours set to 0?

[cppalliance-bot]

Benchmark test results. More info at https://benchmark.cppalliance.org/jsonbenchmarks-pullrequests/663/pullrequest.html

[cppalliance-bot]

Benchmark test results. More info at https://benchmark.cppalliance.org/jsonbenchmarks-pullrequests/663/pullrequest.html

[vinniefalco]

I used ASAN_OPTIONS=detect_invalid_pointer_pairs=2. Is yours set to 0?

Good question :) If it isn't set to 2 then we should set it to 2. @sdarwin ?

[enrico-samknows]

Hello, any update on this? Is it worthwhile to you or should I close it?

[vinniefalco]

Nope don't close this

[grisumbras]

I fixed all asan failures I've managed to reproduce locally with the options you mentioned. Can you test current develop branch if your failures are reproducible still?

[enrico-samknows]

I fixed all asan failures I've managed to reproduce locally with the options you mentioned. Can you test current develop branch if your failures are reproducible still?

hello, will I get your changes if I try Boost "Version 1.83.0 beta 1"?

[grisumbras]

hello, will I get your changes if I try Boost "Version 1.83.0 beta 1"?

Yes.

[grisumbras]

I'm closing this for now. If the problem still occurs, please reopen.