prepare for 5.2.5

.github/FUNDING.yml

@@ -0,0 +1,8 @@
+---
+github: fraillt
+buy_me_a_coffee: fraillt
+custom:
+  - "https://www.paypal.com/paypalme/fraillt"
+  - "https://explorer.solana.com/address/5uHU32nBuniRxg6RZu4tsLWrXGFFz4pwMGHGuCLmkGJQ"
+  - "https://etherscan.io/address/0xe51cb417d1BFcd3EE4cfad9fa11b05631823AADb"
+  - "https://polygonscan.com/address/0xe51cb417d1BFcd3EE4cfad9fa11b05631823AADb"

CHANGELOG.md

@@ -1,3 +1,15 @@
+# [5.2.5](https://github.com/fraillt/bitsery/compare/v5.2.4...v5.2.5) (2025-10-09)
+
+### Bug fixes
+* fix security issue during deserialization where a crafted payload could cause a shared pointer to be assigned to a different type. More information is [here](https://gist.github.com/TrebledJ/750abc64a826f19dd2d6774724629b71). (huge thanks to [Johnathan](https://github.com/TrebledJ))
+* fix serialization of shared polymorphic pointer-like types by correctly identifying same object (e.g. the same object serialized through `Base` or `Derived` would otherwise have different pointer addresses).
+* fix polymorphic type assignment to "observer" by adjusting pointer address.
+* fix spelling of C++ "likely" attribute. #121 (thanks to [Jules](https://github.com/jules-ai))
+
+### Other notes
+* format code that was left unformatted in the previous version.
+* remove broken patch for GCC 4.8.2 (CentOS 7).
+
 # [5.2.4](https://github.com/fraillt/bitsery/compare/v5.2.3...v5.2.4) (2024-07-30)
 
 ### Improvements

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25)
 project(bitsery
         LANGUAGES CXX
-        VERSION 5.2.4)
+        VERSION 5.2.5)
 
 #======== build options ===================================
 option(BITSERY_BUILD_EXAMPLES "Build examples" OFF)

README.md

@@ -102,9 +102,13 @@ Works with C++11 compiler, no additional dependencies, include `<bitsery/bitsery
 
 Library is tested on all major compilers on Windows, Linux and macOS.
 
-There is a patch that allows using bitsery with non-fully compatible C++11 compilers.
-* CentOS 7 with gcc 4.8.2.
-
 ## License
 
 **bitsery** is licensed under the [MIT license](LICENSE).
+
+## 💖 Sponsor Me?
+
+If you find this project useful or interesting, or just want to say thanks, you can buy me a coffee!
+Your support keeps me motivated to maintaining and improving this project.
+
+[**Thank you!**](https://github.com/sponsors/fraillt)

include/bitsery/bitsery.h

@@ -25,7 +25,7 @@
 
 #define BITSERY_MAJOR_VERSION 5
 #define BITSERY_MINOR_VERSION 2
-#define BITSERY_PATCH_VERSION 4
+#define BITSERY_PATCH_VERSION 5
 
 #define BITSERY_QUOTE_MACRO(name) #name
 #define BITSERY_BUILD_VERSION_STR(major, minor, patch)                         \

patches/README.md

@@ -1,11 +0,0 @@
-# Compiler specific patches
-
-This folder will provide patches for various C++ compilers that are not C++11 compatible yet. This allows providing any fix for any compiler, without polluting core library with compiler-specific fixes.
-
-A patch can be applied either with `git apply` or `patch` command, like this:
-```bash
-git apply patches/<patch_name>
-patch -p1 < patches/<patch_name>
-```
-
-* [centos7_gcc4.8.2.diff](centos7_gcc4.8.2.diff) in this version, unordered_map is not fully C++11 compatible yet. It is lacking some constructors that accept allocator, and isn't using `std::allocator_traits`.

patches/centos7_gcc4.8.2.diff

@@ -1,119 +0,0 @@
-diff --git a/include/bitsery/details/serialization_common.h b/include/bitsery/details/serialization_common.h
-index 6d5a441..462cee2 100644
---- a/include/bitsery/details/serialization_common.h
-+++ b/include/bitsery/details/serialization_common.h
-@@ -380,7 +380,7 @@ namespace bitsery {
-             template <typename ... TArgs>
-             explicit AdapterAndContextRef(Context& ctx, TArgs&& ... args)
-                 : _adapter{std::forward<TArgs>(args)...},
--                  _context{ctx}
-+                  _context(ctx)
-             {
-             }
- 
-diff --git a/include/bitsery/ext/inheritance.h b/include/bitsery/ext/inheritance.h
-index f4c6655..5cd44ab 100644
---- a/include/bitsery/ext/inheritance.h
-+++ b/include/bitsery/ext/inheritance.h
-@@ -36,7 +36,7 @@ namespace bitsery {
-         class InheritanceContext {
-         public:
-             explicit InheritanceContext(MemResourceBase* memResource = nullptr)
--                :_virtualBases{pointer_utils::StdPolyAlloc<const void*>{memResource}}
-+                :_virtualBases{0, std::hash<const void*>{}, std::equal_to<const void*>{}, pointer_utils::StdPolyAlloc<const void*>{memResource}}
-                 {}
-             InheritanceContext(const InheritanceContext&) = delete;
-             InheritanceContext&operator = (const InheritanceContext&) = delete;
-diff --git a/include/bitsery/ext/utils/memory_resource.h b/include/bitsery/ext/utils/memory_resource.h
-index 472965a..18b3f31 100644
---- a/include/bitsery/ext/utils/memory_resource.h
-+++ b/include/bitsery/ext/utils/memory_resource.h
-@@ -24,6 +24,7 @@
- #define BITSERY_EXT_MEMORY_RESOURCE_H
- 
- #include "../../details/serialization_common.h"
-+#include <cstddef>
- #include <new>
- 
- namespace bitsery {
-@@ -128,6 +129,40 @@ namespace bitsery {
-             public:
-                 using value_type = T;
- 
-+                using pointer = T*;
-+                using const_pointer = const T*;
-+                using reference = T&;
-+                using const_reference = const T&;
-+                using size_type = size_t;
-+                using difference_type = ptrdiff_t;
-+
-+                size_t max_size() const noexcept {
-+                    return std::numeric_limits<size_t>::max() / sizeof(value_type);
-+                }
-+
-+                void construct(T *p, const T &val) {
-+                    new((void *) p) T(val);
-+                }
-+
-+                template<class U, class... Args>
-+                void construct(U *p, Args &&... args) {
-+                    new((void *) p) U(std::forward<Args>(args)...);
-+                }
-+
-+                void destroy(T *p) {
-+                    p->~T();
-+                }
-+
-+                template<class U>
-+                void destroy(U *p) {
-+                    p->~U();
-+                }
-+
-+                template<typename U>
-+                struct rebind {
-+                    using other = StdPolyAlloc<U>;
-+                };
-+
-                 explicit constexpr StdPolyAlloc(MemResourceBase* memResource)
-                     :_alloc{memResource} {}
-                 explicit constexpr StdPolyAlloc(PolyAllocWithTypeId alloc) : _alloc{alloc} {}
-diff --git a/include/bitsery/ext/utils/pointer_utils.h b/include/bitsery/ext/utils/pointer_utils.h
-index f6f90da..6b65600 100644
---- a/include/bitsery/ext/utils/pointer_utils.h
-+++ b/include/bitsery/ext/utils/pointer_utils.h
-@@ -153,7 +153,7 @@ namespace bitsery {
-             public:
-                 explicit PointerLinkingContextSerialization(MemResourceBase* memResource = nullptr)
-                     : _currId{0},
--                      _ptrMap{StdPolyAlloc<std::pair<const void* const, PLCInfoSerializer>>{memResource}} {}
-+                      _ptrMap{0, std::hash<const void*>{}, std::equal_to<const void*>{}, StdPolyAlloc<std::pair<const void* const, PLCInfoSerializer>>{memResource}} {}
- 
-                 PointerLinkingContextSerialization(const PointerLinkingContextSerialization&) = delete;
- 
-@@ -198,7 +198,7 @@ namespace bitsery {
-             public:
-                 explicit PointerLinkingContextDeserialization(MemResourceBase* memResource = nullptr)
-                     : _memResource{memResource},
--                    _idMap{StdPolyAlloc<std::pair<const size_t, PLCInfoDeserializer>>{memResource}} {}
-+                    _idMap{0, std::hash<size_t>{}, std::equal_to<size_t>{}, StdPolyAlloc<std::pair<const size_t, PLCInfoDeserializer>>{memResource}} {}
- 
-                 PointerLinkingContextDeserialization(const PointerLinkingContextDeserialization&) = delete;
- 
-diff --git a/include/bitsery/ext/utils/polymorphism_utils.h b/include/bitsery/ext/utils/polymorphism_utils.h
-index 6678230..a2cef4d 100644
---- a/include/bitsery/ext/utils/polymorphism_utils.h
-+++ b/include/bitsery/ext/utils/polymorphism_utils.h
-@@ -185,11 +185,8 @@ namespace bitsery {
- 
-             explicit PolymorphicContext(MemResourceBase* memResource = nullptr)
-                 :_memResource{memResource},
--                _baseToDerivedMap{pointer_utils::StdPolyAlloc<std::pair<const BaseToDerivedKey,
--                std::shared_ptr<PolymorphicHandlerBase>>>{memResource}},
--                 _baseToDerivedArray{pointer_utils::StdPolyAlloc<std::pair<const size_t,
--                     std::vector<size_t, pointer_utils::StdPolyAlloc<size_t>>>>{memResource}}
--            {}
-+                _baseToDerivedMap{0, BaseToDerivedKeyHashier{}, std::equal_to<BaseToDerivedKey>{}, pointer_utils::StdPolyAlloc<std::pair<const BaseToDerivedKey, std::shared_ptr<PolymorphicHandlerBase>>>{memResource}},
-+                _baseToDerivedArray{0, std::hash<size_t>{}, std::equal_to<size_t>{}, pointer_utils::StdPolyAlloc<std::pair<const size_t, std::vector<size_t, pointer_utils::StdPolyAlloc<size_t>>>>{memResource}} {}
- 
-             PolymorphicContext(const PolymorphicContext& ) = delete;
-             PolymorphicContext& operator = (const PolymorphicContext&) = delete;