Message-ID: <1539695134.1205724684210.JavaMail.jira@brutus>
Date: Sun, 16 Mar 2008 20:31:24 -0700 (PDT)
From: "Martin Sebor (JIRA)"
To: issues@stdcxx.apache.org
Subject: [jira] Commented: (STDCXX-765) Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc()
In-Reply-To: <940717969.1205594904781.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/STDCXX-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579288#action_12579288 ]

Martin Sebor commented on STDCXX-765:
-------------------------------------

I stepped through the code and I think I've fixed all the occurrences of the problem -- the [0.printf.cpp|http://svn.apache.org/repos/asf/stdcxx/trunk/tests/self/0.printf.cpp] test passes all assertions with the attached patch applied. Let me know if it looks good to you. I don't think the code in [fmt_bits.cpp|http://svn.apache.org/repos/asf/stdcxx/trunk/tests/src/fmt_bits.cpp] has changed recently so I'm still curious what was masking the bug and what change exposed it...

> Incorrect using rw_asnprintf() with %{+} format and not NUL-terminated buffer in _rw_fmtflags(), _rw_fmtevent(), _rw_fmtlc()
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: STDCXX-765
> URL: https://issues.apache.org/jira/browse/STDCXX-765
> Project: C++ Standard Library
> Issue Type: Bug
> Components: Test Driver
> Affects Versions: 4.2.0
> Environment: All
> Reporter: Farid Zaripov
> Fix For: 4.2.1
>
> Attachments: stdcxx-765.diff
>
>
> The buf parameter of the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions contains data that is not NUL-terminated. The length of data in buf is stored in buf.endoff.
> The rw_asnprintf() function accepts only buf.pbuf and buf.pbufsize, but not buf.endoff.
> When the %{+} format is used, the length of data in buf is calculated using the strlen() function, but this length is incorrect because the data is not NUL-terminated.
> Another bug is that the _rw_fmtflags(), _rw_fmtevent() and _rw_fmtlc() functions return len, but without updating buf.endoff. Due to this the result of rw_asnprintf() is cut off in further processing.
> These problems are detected in the 0.printf test after the latest update.
> The schematic patch without error checking is below. This patch is not intended to be applied. It only shows how these bugs should be fixed.
> {noformat}
> Index: tests/src/fmt_bits.cpp > =================================================================== > --- tests/src/fmt_bits.cpp (revision 637399) > +++ tests/src/fmt_bits.cpp (working copy) > @@ -204,9 +204,12 @@ > > #endif // _RWSTD_NO_EXT_BIN_IO > > - len = rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+} | %{?}std::ios::%{;}base(%d)", > - spec.fl_pound, base); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int res = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+} | %{?}std::ios::%{;}base(%d)", > + spec.fl_pound, base); > + buf.endoff += res; > + len += res; > } > > return len; > @@ -303,9 +306,12 @@ > : std::ios::erase_event == event ? "erase_event" > : 0; > > - return rw_asnprintf (buf.pbuf, buf.pbufsize, > - "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > - spec.fl_pound, 0 != str, str, event); > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, > + "%{+}%{?}std::ios::%{;}%{?}%s%{:}event(%d)%{;}", > + spec.fl_pound, 0 != str, str, event); > + buf.endoff += len; > + return len; > } > > /********************************************************************/ 
> @@ -329,8 +335,12 @@ > > } > > - if (str) > - return rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + if (str) { > + (*buf.pbuf) [buf.endoff] = '\0'; > + int len = rw_asnprintf (buf.pbuf, buf.pbufsize, "%{+}%s", str); > + buf.endoff += len; > + return len; > + } > > static const Bitnames names [] = { > BITNAME (std::locale, all), > {noformat}
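
Review bot: In the hunk at @@ -204,9 +204,12 @@, the added `(*buf.pbuf) [buf.endoff] = '\0';` stores one byte at index buf.endoff with no check that this index lies inside the allocation described by buf.pbufsize; when the existing data fills the buffer exactly, the store lands one past the end. Make sure there is room for buf.endoff + 1 bytes, growing the buffer if needed, before writing the terminator. This hunk also turns `len = rw_asnprintf (...)` into `len += res`, so the value returned here accumulates, while the other two hunks return only the count from their single call; it is worth confirming which of the two the callers expect.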
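
Review bot: In the hunk at @@ -303,9 +306,12 @@, `buf.endoff += len;` adds the int returned by rw_asnprintf() without testing it; if the call fails and returns a negative value, buf.endoff moves backwards (or wraps, if it is unsigned) and later code treats the wrong region as valid data. Test `len < 0` and return before touching buf.endoff. The same applies to `buf.endoff += res;` in the first hunk and `buf.endoff += len;` in the third.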
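
Review bot: The hunk at @@ -329,8 +335,12 @@ repeats, for the third time in this patch, the sequence of terminating at buf.endoff, calling rw_asnprintf() with a "%{+}" format and advancing buf.endoff. Moving that sequence into one helper in fmt_bits.cpp that all three functions call would keep the bounds check and the return-value check in one place. A short comment on that helper should state that buf holds buf.endoff bytes with no terminator, since nothing in these lines documents that invariant.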
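
The failure described in the issue above, reproduced as an added example that is not stdcxx code and not part of the original message: an append that finds the end of the data with strlen() lands after stale bytes and is then cut off because endoff is never advanced. `Buffer`, `reserve`, `append_strlen`, `append_at_endoff` and `run` are hypothetical names, the buffer layout is an assumption based on the patch, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <string>

// Hypothetical stand-in for the test driver's buffer (layout assumed).
struct Buffer {
    char       **pbuf;      // address of the growable array
    std::size_t *pbufsize;  // address of its capacity
    std::size_t  endoff;    // count of valid bytes; no NUL is stored after them
};
// Grow the array to at least `need` bytes; false on allocation failure.
static bool reserve(Buffer &b, std::size_t need) {
    if (need <= *b.pbufsize) return true;
    char *p = static_cast<char *>(std::realloc(*b.pbuf, need));
    if (!p) return false;
    *b.pbuf = p; *b.pbufsize = need;
    return true;
}
// Models a "%{+}"-style append: the end of the data is located with strlen().
// Returns the number of characters appended, or -1 on failure.
int append_strlen(Buffer &b, const char *s) {
    std::size_t old = std::strlen(*b.pbuf), n = std::strlen(s);
    if (!reserve(b, old + n + 1)) return -1;
    std::memcpy(*b.pbuf + old, s, n + 1);
    return static_cast<int>(n);
}
// Caller shaped like the schematic patch, with the checks it leaves out.
int append_at_endoff(Buffer &b, const char *s) {
    if (!reserve(b, b.endoff + 1)) return -1;  // room for the terminator
    (*b.pbuf)[b.endoff] = '\0';                // data now ends at endoff
    int res = append_strlen(b, s);
    if (res < 0) return res;                   // endoff stays valid on error
    b.endoff += static_cast<std::size_t>(res);
    return res;
}
// Constructed sample: 8 valid bytes ("showbase") then stale "JUNK"; returns
// what a later consumer sees, i.e. exactly endoff bytes.
std::string run(bool fixed) {
    std::size_t cap = 16;
    char *mem = static_cast<char *>(std::malloc(cap));
    if (!mem) return "";
    std::memcpy(mem, "showbaseJUNK", 13);       // 12 characters plus NUL
    Buffer b = { &mem, &cap, 8 };
    if (fixed) append_at_endoff(b, " | base(16)");
    else       append_strlen(b, " | base(16)"); // lands after JUNK, endoff unchanged
    std::string seen(mem, b.endoff);
    std::free(mem);
    return seen;
}
```

The sample keeps a NUL inside the allocation so the strlen() call stays well defined; with no NUL in range the same call would read past the end of the array.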