Message-ID: <15058435.1189103792566.JavaMail.jira@brutus>
Date: Thu, 6 Sep 2007 11:36:32 -0700 (PDT)
From: "Travis Vitek (JIRA)"
To: stdcxx-dev@incubator.apache.org
Subject: [jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
In-Reply-To: <3216819.1187389350772.JavaMail.jira@brutus>

[
https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12525493 ]

Travis Vitek commented on STDCXX-524:
-------------------------------------

I would need to delete the files if I call rw_tmpnam() or the proposed rw_tempname(). The existing code creates a file with explicit names and leaves them on disk. Is there any good reason for these files to be left hanging around?

If not, the best solution is probably to use the existing rw_tmpnam() and delete the files afterward. I don't believe that I need to put the source files into the $locale_root directory to be able to run the locale utility on them, so I don't think that I need to write rw_tempnam() [though if you want rw_tempnam(), that could be added under a separate issue].

If these files should remain, I think the best solution is probably to allocate filename buffers and format the filename into them, possibly using rw_sprintfa(). This would maintain the current behavior with the exception of the buffer overflow.

Please advise.

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>
>                 Key: STDCXX-524
>                 URL: https://issues.apache.org/jira/browse/STDCXX-524
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>    Affects Versions: 4.1.2, 4.1.3, 4.1.4
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Trivial
>             Fix For: 4.2.1
>
>
> This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer.
> Perhaps this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> # define _PATH_MAX PATH_MAX
> #else
> # define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
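
Added example (not part of the original message or of the stdcxx sources): one way to carry out the "allocate filename buffers and format the filename into them" option from the comment, measuring the path with a zero-size snprintf() pass before allocating, next to a bounded write into a 46-byte buffer like the one in the report. The helper names, the "/" separator and the sample root are assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstddef>
#include <string>

// Hypothetical helpers, not part of the stdcxx test driver.
// Separator is assumed to be "/" (the test itself uses its SLASH macro).

// Bytes needed for "<root>/<name>" including the terminating NUL,
// measured with a zero-size snprintf pass; 0 on formatting error.
static std::size_t path_bytes_needed (const char *root, const char *name)
{
    const int n = std::snprintf (0, 0, "%s/%s", root, name);
    return n < 0 ? 0 : std::size_t (n) + 1;
}

// Bounded write into a fixed buffer: reports truncation instead of
// writing past the end as an unbounded sprintf() call would.
static bool format_fixed (char *buf, std::size_t size,
                          const char *root, const char *name)
{
    const int n = std::snprintf (buf, size, "%s/%s", root, name);
    return 0 <= n && std::size_t (n) < size;
}

// Measure first, then allocate exactly what the path requires.
static std::string format_alloc (const char *root, const char *name)
{
    const std::size_t need = path_bytes_needed (root, name);
    if (0 == need)
        return std::string ();
    std::string path (need, '\0');
    std::snprintf (&path [0], need, "%s/%s", root, name);
    path.resize (need - 1);   // drop the NUL that snprintf stored
    return path;
}

int main ()
{
    // Constructed sample: a 45-character root makes the result 58 bytes,
    // matching the 46-byte buffer / 58-byte write sizes in the report.
    const std::string root = "/tmp/" + std::string (40, 'u');
    char small [46];
    std::printf ("need=%lu fits=%d path=%s\n",
                 (unsigned long) path_bytes_needed (root.c_str (), "LC_TIME.src"),
                 int (format_fixed (small, sizeof small, root.c_str (), "LC_TIME.src")),
                 format_alloc (root.c_str (), "LC_TIME.src").c_str ());
    return 0;
}
```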