stdcxx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Travis Vitek (JIRA)" <>
Subject [jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
Date Thu, 06 Sep 2007 18:36:32 GMT


Travis Vitek commented on STDCXX-524:

I would need to delete the files if I call rw_tmpnam() or the proposed rw_tempname().

The existing code creates a file with explicit names and leaves them on disk. Is there any
good reason for these files to be left hanging around? If not, the best solution is probably
to use the existing rw_tmpnam() and delete the files afterward. I don't believe that I need
to put the source files into the $locale_root directory to be able to run the locale utility
on them, so I don't think that I need to write rw_tempnam() [though if you want rw_tempnam(),
that could be added under a seperate issue].

If these files should remain, I think the best solution is probably to allocate filename buffers
and format the filename into them, possibly using rw_sprintfa(). This would maintain the current
behavior with the exception of the buffer overflow.

Please advise.

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>                 Key: STDCXX-524
>                 URL:
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>    Affects Versions: 4.1.2, 4.1.3, 4.1.4
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Trivial
>             Fix For: 4.2.1
> This test uses L_tmpnam to determine the length of a buffer used to store a filename
string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written
to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf()
call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the
buffer should be made larger, or some other method should be used to fill the buffer. Perhaps
this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message