Message-ID: <1405847319.1205749644451.JavaMail.jira@brutus>
Date: Mon, 17 Mar 2008 03:27:24 -0700 (PDT)
From: "Farid Zaripov (JIRA)"
To: issues@stdcxx.apache.org
Subject: [jira] Issue Comment Edited: (STDCXX-765) Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc()
In-Reply-To: <940717969.1205594904781.JavaMail.jira@brutus>

[ https://issues.apache.org/jira/browse/STDCXX-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579378#action_12579378 ]

farid edited comment on STDCXX-765 at 3/17/08 3:26 AM:
---------------------------------------------------------------

The %{If} and %{Ie} formats, along with the %{Lc} format, weren't exercised in 0.printf until [this|http://svn.apache.org/viewvc?rev=637399&view=rev] commit.

was (Author: farid):
The %{If} and %{Ie} formats, along with the %{Lc} format, weren't exercised in 0.printf until [http://svn.apache.org/viewvc?rev=637399&view=rev this] commit.

> Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc()
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: STDCXX-765
> URL: https://issues.apache.org/jira/browse/STDCXX-765
> Project: C++ Standard Library
> Issue Type: Bug
> Components: Test Driver
> Affects Versions: 4.2.0
> Environment: All
> Reporter: Farid Zaripov
> Fix For: 4.2.1
>
> Attachments: stdcxx-765.diff
>
>
> The buf parameter of the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions contains data that is not NUL-terminated. The length of the data in buf is stored in buf.endoff.
> The rw_asnprintf() function accepts only buf.pbuf and buf.pbufsize, but not buf.endoff. When the %{+} format is used, the length of the data in buf is calculated using the strlen() function, but this length is incorrect because the data is not NUL-terminated.
> Another bug is that the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions return len, but without updating buf.endoff. Due to this, the result of rw_asnprintf() is cut off in further processing.
> These problems are detected in the 0.printf test after the latest update.
> The schematic patch without error checking is below. This patch is not intended to be applied. It only shows how these bugs should be fixed.
> {noformat} > Index: tests/src/fmt_bits.cpp > =================================================================== > --- tests/src/fmt_bits.cpp (revision 637399) > +++ tests/src/fmt_bits.cpp (working copy) > @@ -204,9 +204,12 @@ > > #endif // _RWSTD_NO_EXT_BIN_IO > > - len = rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+} | %{?}std::ios::%{;}base(%d)", > - spec.fl_pound, base); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int res = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+} | %{?}std::ios::%{;}base(%d)", > + spec.fl_pound, base); > + buf.endoff += res; > + len += res; > } > > return len; > @@ -303,9 +306,12 @@ > : std::ios::erase_event == event ? "erase_event" > : 0; > > - return rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > - spec.fl_pound, 0 != str, str, event); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > + spec.fl_pound, 0 != str, str, event); > + buf.endoff += len; > + return len; > } > > /********************************************************************/ 
> @@ -329,8 +335,12 @@ > > } > > - if (str) > - return rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + if (str) { > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + buf.endoff += len; > + return len; > + } > > static const Bitnames names [] = { > BITNAME (std::locale, all), > {noformat} -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
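Review bot: In the @@ -204,9 +204,12 @@ hunk, the added line (*buf.pbuf) [buf.endoff] = '\0'; stores a byte at offset buf.endoff without first checking that this offset lies inside the allocation described by buf.pbufsize. Because the data is deliberately not NUL-terminated, the buffer can be exactly full, and then this store lands one byte past the end. Verify there is room, or grow the buffer, before writing the terminator.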
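Review bot: In the @@ -303,9 +306,12 @@ hunk, buf.endoff += len is applied to the rw_asnprintf() result unconditionally. The description says error checking is omitted, so the final version needs a test on len before the addition; if rw_asnprintf() reports a failure through its return value, adding it moves buf.endoff away from the real end of the data and every later append starts at the wrong offset.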
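Review bot: The if (str) block in the @@ -329,8 +335,12 @@ hunk is the third copy of the same three steps (store '\0' at buf.endoff, call rw_asnprintf() with %{+}, add the result to buf.endoff). Moving them into one helper in fmt_bits.cpp would keep the termination, the bounds check and the error check in a single place, and a comment on that helper should state that buf is not NUL-terminated and that buf.endoff is the authoritative length.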
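The length-tracking pattern the issue describes, as an added example that is not part of the original message or the stdcxx sources. Buf and append_fmt() are hypothetical stand-ins for the test driver's buffer and rw_asnprintf(); the append uses vsnprintf at the tracked offset, checks the result, and only then advances the offset.

```cpp
// Added illustration: Buf and append_fmt() are hypothetical stand-ins,
// not the stdcxx test driver's buffer type or rw_asnprintf().
#include <cstdarg>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
struct Buf {
    char*       data;    // heap storage; contents are NOT NUL-terminated
    std::size_t size;    // capacity in bytes
    std::size_t endoff;  // number of valid bytes, the only trusted length
};

// Appends formatted text at buf.endoff. Returns the number of characters
// appended, or -1 on error, in which case buf.endoff is left unchanged.
int append_fmt (Buf &buf, const char *fmt, ...)
{
    va_list va, va2;
    va_start (va, fmt);
    va_copy (va2, va);
    const int need = std::vsnprintf (nullptr, 0, fmt, va);  // measure only
    va_end (va);
    if (need < 0) { va_end (va2); return -1; }
    const std::size_t total = buf.endoff + need + 1;   // + terminating NUL
    if (total > buf.size) {                      // grow before any write
        void* const p = std::realloc (buf.data, total);
        if (!p) { va_end (va2); return -1; }
        buf.data = static_cast<char*>(p);
        buf.size = total;
    }
    // Write at the tracked offset; never strlen() the existing contents.
    std::vsnprintf (buf.data + buf.endoff, buf.size - buf.endoff, fmt, va2);
    va_end (va2);
    buf.endoff += need;                          // keep the length in sync
    return need;
}

// Constructed input: 3 valid bytes ("dec") followed by stale bytes, no NUL.
std::string demo ()
{
    Buf buf = { static_cast<char*>(std::malloc (8)), 8, 3 };
    std::memcpy (buf.data, "dec#####", 8);
    append_fmt (buf, " | %s", "showbase");
    append_fmt (buf, " | base(%d)", 16);
    const std::string out (buf.data, buf.endoff);
    std::free (buf.data);
    return out;
}
int main () { std::puts (demo ().c_str ()); }
```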