You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@stdcxx.apache.org by "Travis Vitek (JIRA)" <ji...@apache.org> on 2007/10/13 00:40:50 UTC
[jira] Created: (STDCXX-593) purify reports array bounds write
error from rw_locales in 22.locale.cons.stdcxx-485 test
purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
-----------------------------------------------------------------------------------------
Key: STDCXX-593
URL: https://issues.apache.org/jira/browse/STDCXX-593
Project: C++ Standard Library
Issue Type: Improvement
Components: Test Driver
Reporter: Travis Vitek
Priority: Minor
Fix For: 4.2.1
When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
**** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
ABW: Array bounds write:
* This is occurring while in thread 13090:
strcpy [rtlib.o]
rw_locales(int, char const*, bool) [locale.cpp:486]
run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
*unknown func* [pc=0x808b380]
rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
main [22.locale.cons.stdcxx-485.cpp:78]
* Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
* Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
* This block was allocated from thread -1207973632:
malloc [rtlib.o]
rw_locales(int, char const*, bool) [locale.cpp:350]
run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
*unknown func* [pc=0x808b380]
rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (STDCXX-593) purify reports array bounds write
error from rw_locales in 22.locale.cons.stdcxx-485 test
Posted by "Farid Zaripov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farid Zaripov resolved STDCXX-593.
----------------------------------
Resolution: Fixed
> purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
> -----------------------------------------------------------------------------------------
>
> Key: STDCXX-593
> URL: https://issues.apache.org/jira/browse/STDCXX-593
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Affects Versions: 4.2.0
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-593.patch
>
>
> When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
> **** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
> ABW: Array bounds write:
> * This is occurring while in thread 13090:
> strcpy [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:486]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
> main [22.locale.cons.stdcxx-485.cpp:78]
> * Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
> * Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:350]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (STDCXX-593) purify reports array bounds write
error from rw_locales in 22.locale.cons.stdcxx-485 test
Posted by "Farid Zaripov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537090 ]
Farid Zaripov commented on STDCXX-593:
--------------------------------------
Commited thus: http://svn.apache.org/viewvc?rev=587563&view=rev
> purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
> -----------------------------------------------------------------------------------------
>
> Key: STDCXX-593
> URL: https://issues.apache.org/jira/browse/STDCXX-593
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-593.patch
>
>
> When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
> **** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
> ABW: Array bounds write:
> * This is occurring while in thread 13090:
> strcpy [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:486]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
> main [22.locale.cons.stdcxx-485.cpp:78]
> * Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
> * Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:350]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (STDCXX-593) purify reports array bounds write error
from rw_locales in 22.locale.cons.stdcxx-485 test
Posted by "Farid Zaripov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farid Zaripov closed STDCXX-593.
--------------------------------
> purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
> -----------------------------------------------------------------------------------------
>
> Key: STDCXX-593
> URL: https://issues.apache.org/jira/browse/STDCXX-593
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Affects Versions: 4.2.0
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-593.patch
>
>
> When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
> **** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
> ABW: Array bounds write:
> * This is occurring while in thread 13090:
> strcpy [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:486]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
> main [22.locale.cons.stdcxx-485.cpp:78]
> * Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
> * Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:350]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-593) purify reports array bounds write
error from rw_locales in 22.locale.cons.stdcxx-485 test
Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Travis Vitek updated STDCXX-593:
--------------------------------
Attachment: stdcxx-593.patch
There is a little cleanup in this patch, but IMO it makes the code a lot simpler.
The last note about the memory block type mismatch would only occur if the buffer had to grow to accomodate the locale string. Normally this doesn't happen on windows because the rw_system call to the locale utility fails. I found the problem because I plugged in some test code to generate the locale list using the locales in etc/config/src/locale_list.h. I kept getting heap errors saying the block type was not right.
2007-10-12 Travis Vitek <vi...@roguewave.com>
STDCXX-593
* locale.cpp (rw_locale): Update used array size to avoid
writing past the end of the allocated buffer. Use a growth
constant variable to avoid writing the same value in many
places. Use precalculated name length instead of calling
strlen() repeatedly.
[_WIN32]: Hide _malloc_dbg and _free_dbg behind macros
to clean up multiple conditional blocks and to avoid memory
block type mismatch.
> purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
> -----------------------------------------------------------------------------------------
>
> Key: STDCXX-593
> URL: https://issues.apache.org/jira/browse/STDCXX-593
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Reporter: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-593.patch
>
>
> When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
> **** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
> ABW: Array bounds write:
> * This is occurring while in thread 13090:
> strcpy [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:486]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
> main [22.locale.cons.stdcxx-485.cpp:78]
> * Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
> * Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:350]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (STDCXX-593) purify reports array bounds write
error from rw_locales in 22.locale.cons.stdcxx-485 test
Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Travis Vitek reassigned STDCXX-593:
-----------------------------------
Assignee: Travis Vitek
> purify reports array bounds write error from rw_locales in 22.locale.cons.stdcxx-485 test
> -----------------------------------------------------------------------------------------
>
> Key: STDCXX-593
> URL: https://issues.apache.org/jira/browse/STDCXX-593
> Project: C++ Standard Library
> Issue Type: Improvement
> Components: Test Driver
> Reporter: Travis Vitek
> Assignee: Travis Vitek
> Priority: Minor
> Fix For: 4.2.1
>
> Attachments: stdcxx-593.patch
>
>
> When prepending the default locale to the locale name array, the size of the resulting string is not modified, so later write operations can write past the end of the buffer.
> **** Purify instrumented ./22.locale.cons.stdcxx-485 (pid 13090) ****
> ABW: Array bounds write:
> * This is occurring while in thread 13090:
> strcpy [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:486]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
> main [22.locale.cons.stdcxx-485.cpp:78]
> * Writing 7 bytes to 0x810d72a in the heap (1 byte at 0x810d730 illegal).
> * Address 0x810d72a is 5114 bytes into a malloc'd block at 0x810c330 of 5120 bytes.
> * This block was allocated from thread -1207973632:
> malloc [rtlib.o]
> rw_locales(int, char const*, bool) [locale.cpp:350]
> run_test(int, char**) [22.locale.cons.stdcxx-485.cpp:41]
> *unknown func* [pc=0x808b380]
> rw_test(int, char**, char const*, char const*, char const*, int (*)(int, char**)) [driver.cpp:1128]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.