incubator-stdcxx-dev mailing list archives

From "Martin Sebor (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STDCXX-69) [MSVC 6,8] wcsxfrm (s1, s2, 0) writes past the end of the destination buffer
Date Sat, 19 Nov 2005 00:57:42 GMT
    [ http://issues.apache.org/jira/browse/STDCXX-69?page=comments#action_12358052 ] 

Martin Sebor commented on STDCXX-69:
------------------------------------

Filed here:
http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=fe5eb46e-228b-4e16-a4ff-fa8cba3b7955
======================================================================
Bug ID:         FDBK40794
Problem Type:   Bug
Status:         New
Microsoft Status:       Under Review
Opened Date:    2005-11-18 16:23:39
Opened By:      Martin Sebor
        
Product/Technology:     Visual C++
Version:        Visual Studio 2005
Product Language:       English
Category:       Libraries
OS:     Windows 2000 Server
OS Language:    US English
Submission Language:    English
======================================================================
Description:    
Opened by Martin Sebor on 2005-11-18 at 16:23:39
        
Similarly to FDBK40793, the C standard library function wcsxfrm() corrupts memory past the
end of the destination buffer.

Edited by Martin Sebor on 2005-11-18 at 16:29:41
        
FWIW, I see in our records that we reported this bug against MSVC 6 and that it was fixed
in MSVC 7 (the test case passes with it), so this must be a regression.

======================================================================
Steps to Reproduce:
$ cat t.cpp && cl t.cpp && ./t.exe
#include <assert.h>
#include <locale.h>
#include <string.h>

int main ()
{
    setlocale (LC_COLLATE, "ENU");

    wchar_t s1 [2] = { L'*', L'*' };
    wcsxfrm (s1, L"", 0);
    assert (L'*' == s1 [0] && L'*' == s1 [1]);
}
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.

t.cpp
Microsoft (R) Incremental Linker Version 8.00.50727.42
Copyright (C) Microsoft Corporation. All rights reserved.

/out:t.exe
t.obj
Assertion failed: L'*' == s1 [0] && L'*' == s1 [1], file t.cpp, line 11

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
======================================================================
Actual Results:         Runtime error.
Expected Results:       No error.

> [MSVC 6,8] wcsxfrm (s1, s2, 0) writes past the end of the destination buffer
> ----------------------------------------------------------------------------
>
>          Key: STDCXX-69
>          URL: http://issues.apache.org/jira/browse/STDCXX-69
>      Project: STDCXX
>         Type: Bug
>     Versions: 4.1.2
>  Environment: MSVC 6, 8
>     Reporter: Martin Sebor
>      Fix For: 4.1.3

>
> When compiled with MSVC 6 and 8 (but not 7.1), the program below segfaults at runtime:
> $ cat t.cpp ; cl t.cpp && ./t.exe
> #include <locale.h>
> #include <wchar.h>
> int main ()
> {
>     if (setlocale (LC_COLLATE, "ENU"))
>         wcsxfrm (0, L"\x83", 0);
> }
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
> Copyright (C) Microsoft Corp 1984-1998. All rights reserved.
> t.cpp
> t.cpp(8) : warning C4508: 'main' : function should return a value; 'void' return type assumed
> Microsoft (R) Incremental Linker Version 6.00.8447
> Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
> /out:t.exe
> t.obj
> [1] + Done(139) cat t.cpp ; cl t.cpp && ./t.exe
>  527 Segmentation violation ./t.exe

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
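
The check from the report, generalized as an added example (not part of the original message or of the stdcxx sources): it fills a scratch buffer with the same `L'*'` sentinel, calls `wcsxfrm()` with every limit from 0 up to the buffer size, and reports the first limit past which the buffer was modified. The names `xfrm_overrun`, `first_bad_limit`, `GUARD` and `CAP` are assumptions introduced here, and `main` uses the environment's locale rather than `"ENU"`.

```c
#include <locale.h>
#include <stdio.h>
#include <wchar.h>

#define GUARD L'*'  /* same sentinel value as the report's test case */
#define CAP   16    /* constructed scratch size, an assumption */

/* Run wcsxfrm(buf, src, n) on a guard-filled buffer and count the elements
   at index >= n that changed. 0 means the limit n was honored;
   (size_t)-1 means n is larger than the scratch buffer. */
size_t xfrm_overrun(const wchar_t *src, size_t n)
{
    wchar_t buf[CAP];
    size_t i, bad = 0;

    if (n > CAP)
        return (size_t)-1;
    for (i = 0; i < CAP; ++i)
        buf[i] = GUARD;
    wcsxfrm(buf, src, n);
    for (i = n; i < CAP; ++i)
        if (buf[i] != GUARD)
            ++bad;
    return bad;
}

/* Sweep every limit from 0 to CAP; return the first n that is overrun,
   or -1 if none is. n == 0 is the case in the report. */
int first_bad_limit(const wchar_t *src)
{
    size_t n;
    for (n = 0; n <= CAP; ++n)
        if (xfrm_overrun(src, n) != 0)
            return (int)n;
    return -1;
}

int main(void)
{
    /* Constructed inputs: the two strings from the report plus a longer one. */
    const wchar_t *inputs[] = { L"", L"\x83", L"collation" };
    size_t i;
    int failed = 0;

    setlocale(LC_COLLATE, "");  /* environment's locale; the report used "ENU" */
    for (i = 0; i < sizeof inputs / sizeof *inputs; ++i) {
        int n = first_bad_limit(inputs[i]);
        printf("input %u: %s\n", (unsigned)i, n < 0 ? "ok" : "overrun");
        failed |= n >= 0;
    }
    return failed;
}
```

A nonzero exit status means at least one input modified the buffer beyond the requested limit, which is the behavior the report describes for a limit of 0.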

