incubator-stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Sebor (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
Date Fri, 17 Aug 2007 23:24:31 GMT

    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520707
] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Ouch!

The test driver defines the rw_tmpnam() function that's supposed to be used for creating temporary
file names. Looking at make_LC_TIME(), I don't think rw_tmpnam() is quite robust enough to
handle the use case there. I see two other alternatives to dealing with the bug besides the
one you suggest:

1. Forget about creating the files under the locale root directory and use rw_tmpnam() to
obtain the names of the two temporary files the function uses. Change the function to delete
the files when it's done generating the locale.

2. Replace rw_tmpnam() with rw_tempnam(), the equivalent of the POSIX tempnam() function,
and change make_LC_TIME() and all other clients of rw_tmpnam() to call rw_tempnam() instead.
See the POSIX man page for tempnam() here: http://www.opengroup.org/onlinepubs/009695399/functions/tempnam.html

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>
>                 Key: STDCXX-524
>                 URL: https://issues.apache.org/jira/browse/STDCXX-524
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>            Reporter: Travis Vitek
>            Priority: Trivial
>
> This test uses L_tmpnam to determine the length of a buffer used to store a filename
string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written
to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf()
call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the
buffer should be made larger, or some other method should be used to fill the buffer. Perhaps
this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message