stdcxx-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Farid Zaripov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STDCXX-765) Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc()
Date Mon, 17 Mar 2008 10:25:25 GMT

    [ https://issues.apache.org/jira/browse/STDCXX-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579378#action_12579378
] 

Farid Zaripov commented on STDCXX-765:
--------------------------------------

The %{If} and %{Ie} format's along with %{Lc} format weren't exercised in 0.printf until [http://svn.apache.org/viewvc?rev=637399&view=rev
this] commit.

> Incorrect using  rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(),
_rw_fmtevent(), _rw_fmtlc()
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: STDCXX-765
>                 URL: https://issues.apache.org/jira/browse/STDCXX-765
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Test Driver
>    Affects Versions: 4.2.0
>         Environment: All
>            Reporter: Farid Zaripov
>             Fix For: 4.2.1
>
>         Attachments: stdcxx-765.diff
>
>
> The buf parameter of the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions contains
not NUL-terminated data. The length of data in buf is stored in buf.endoff.
> The rw_asnprintf() function accepts the only buf.pbuf and buf.pbufsize, but not buf.endoff.
When %{+} format is used, the length of data in buf calculated using strlen() function, but
this length is incorrect due to data is not NUL-terminated.
> Another bug is that _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions are returns
len, but without updating the buf.endoff. Due to this the result of rw_asnprintf() is cutted
in further processing.
> These problems are detected in 0.printf test after latest update.
> The schematic patch without error checking is below. This patch is not intended to apply.
It's only shows how these bugs should be fixed.
> {noformat}
> Index: tests/src/fmt_bits.cpp
> ===================================================================
> --- tests/src/fmt_bits.cpp	(revision 637399)
> +++ tests/src/fmt_bits.cpp	(working copy)
> @@ -204,9 +204,12 @@
>  
>  #endif   // _RWSTD_NO_EXT_BIN_IO
>  
> -        len = rw_asnprintf (buf.pbuf, buf.pbufsize,
> -                            "%{+} | %{?}std::ios::%{;}base(%d)",
> -                            spec.fl_pound, base);
> +        (*buf.pbuf) [buf.endoff] = '\0';
> +        int res = rw_asnprintf (buf.pbuf, buf.pbufsize,
> +                                "%{+} | %{?}std::ios::%{;}base(%d)",
> +                                spec.fl_pound, base);
> +        buf.endoff += res;
> +        len += res;
>      }
>  
>      return len;
> @@ -303,9 +306,12 @@
>          : std::ios::erase_event   == event ? "erase_event"
>          : 0;
>  
> -    return rw_asnprintf (buf.pbuf, buf.pbufsize,
> -                         "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}",
> -                         spec.fl_pound, 0 != str, str, event);
> +    (*buf.pbuf) [buf.endoff] = '\0';
> +    int len = rw_asnprintf (buf.pbuf, buf.pbufsize,
> +                            "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}",
> +                            spec.fl_pound, 0 != str, str, event);
> +    buf.endoff += len;
> +    return len;
>  }
>  
>  /********************************************************************/
> @@ -329,8 +335,12 @@
>  
>      }
>  
> -    if (str)
> -        return rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str);
> +    if (str) {
> +        (*buf.pbuf) [buf.endoff] = '\0';
> +        int len = rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str);
> +        buf.endoff += len;
> +        return len;
> +    }
>  
>      static const Bitnames names [] = {
>          BITNAME (std::locale, all),
> {noformat}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message