Return-Path: Delivered-To: apmail-stdcxx-issues-archive@locus.apache.org Received: (qmail 13779 invoked from network); 17 Mar 2008 03:41:07 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 17 Mar 2008 03:41:07 -0000 Received: (qmail 90070 invoked by uid 500); 17 Mar 2008 03:41:05 -0000 Delivered-To: apmail-stdcxx-issues-archive@stdcxx.apache.org Received: (qmail 90052 invoked by uid 500); 17 Mar 2008 03:41:05 -0000 Mailing-List: contact issues-help@stdcxx.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@stdcxx.apache.org Delivered-To: mailing list issues@stdcxx.apache.org Received: (qmail 90043 invoked by uid 99); 17 Mar 2008 03:41:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 16 Mar 2008 20:41:05 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Mar 2008 03:40:35 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id AD102234C099 for ; Sun, 16 Mar 2008 20:39:24 -0700 (PDT) Message-ID: <1279577257.1205725164694.JavaMail.jira@brutus> Date: Sun, 16 Mar 2008 20:39:24 -0700 (PDT) From: "Martin Sebor (JIRA)" To: issues@stdcxx.apache.org Subject: [jira] Commented: (STDCXX-765) Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc() In-Reply-To: <940717969.1205594904781.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/STDCXX-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579290#action_12579290 ] Martin Sebor commented on STDCXX-765: ------------------------------------- Btw., about your proposed patch. I think the approach is correct (my patch does essentially the same thing); the one problem that jumps out at me is that it writes the terminating {{NUL}} directly to the buffer without making sure there's sufficient room. > Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc() > ----------------------------------------------------------------------------------------------------------------------------- > > Key: STDCXX-765 > URL: https://issues.apache.org/jira/browse/STDCXX-765 > Project: C++ Standard Library > Issue Type: Bug > Components: Test Driver > Affects Versions: 4.2.0 > Environment: All > Reporter: Farid Zaripov > Fix For: 4.2.1 > > Attachments: stdcxx-765.diff > > > The buf parameter of the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions contains not NUL-terminated data. The length of data in buf is stored in buf.endoff. > The rw_asnprintf() function accepts the only buf.pbuf and buf.pbufsize, but not buf.endoff. When %{+} format is used, the length of data in buf calculated using strlen() function, but this length is incorrect due to data is not NUL-terminated. > Another bug is that _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions are returns len, but without updating the buf.endoff. Due to this the result of rw_asnprintf() is cutted in further processing. > These problems are detected in 0.printf test after latest update. > The schematic patch without error checking is below. This patch is not intended to apply. It's only shows how these bugs should be fixed. > {noformat} > Index: tests/src/fmt_bits.cpp > =================================================================== > --- tests/src/fmt_bits.cpp (revision 637399) > +++ tests/src/fmt_bits.cpp (working copy) > @@ -204,9 +204,12 @@ > > #endif // _RWSTD_NO_EXT_BIN_IO > > - len = rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+} | %{?}std::ios::%{;}base(%d)", > - spec.fl_pound, base); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int res = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+} | %{?}std::ios::%{;}base(%d)", > + spec.fl_pound, base); > + buf.endoff += res; > + len += res; > } > > return len; > @@ -303,9 +306,12 @@ > : std::ios::erase_event == event ? "erase_event" > : 0; > > - return rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > - spec.fl_pound, 0 != str, str, event); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > + spec.fl_pound, 0 != str, str, event); > + buf.endoff += len; > + return len; > } > > /********************************************************************/ > @@ -329,8 +335,12 @@ > > } > > - if (str) > - return rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + if (str) { > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + buf.endoff += len; > + return len; > + } > > static const Bitnames names [] = { > BITNAME (std::locale, all), > {noformat} -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.