stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Sebor (JIRA)" <>
Subject [jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
Date Fri, 17 Aug 2007 23:24:31 GMT


Martin Sebor commented on STDCXX-524:


The test driver defines the rw_tmpnam() function that's supposed to be used for creating temporary
file names. Looking at make_LC_TIME(), I don't think rw_tmpnam() is quite robust enough to
handle the use case there. I see two other alternatives to dealing with the bug besides the
one you suggest:

1. Forget about creating the files under the locale root directory and use rw_tmpnam() to
obtain the names of the two temporary files the function uses. Change the function to delete
the files when it's done generating the locale.

2. Replace rw_tmpnam() with rw_tempnam(), the equivalent of the POSIX tempnam() function,
and change make_LC_TIME() and all other clients of rw_tmpnam() to call rw_tempnam() instead.
See the POSIX man page for tempnam() here:

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>                 Key: STDCXX-524
>                 URL:
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>            Reporter: Travis Vitek
>            Priority: Trivial
> This test uses L_tmpnam to determine the length of a buffer used to store a filename
string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written
to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf()
call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the
buffer should be made larger, or some other method should be used to fill the buffer. Perhaps
this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message