Posted to dev@stdcxx.apache.org by "Martin Sebor (JIRA)" <ji...@apache.org> on 2005/12/02 01:55:31 UTC

[jira] Commented: (STDCXX-68) [MSVC 8.0] strxfrm(s1, s2, 0) writes past the end of the destination buffer

    [ http://issues.apache.org/jira/browse/STDCXX-68?page=comments#action_12359111 ] 

Martin Sebor commented on STDCXX-68:
------------------------------------

Unfortunately, it's become impossible to track the bug with Microsoft because the page is hidden. The ProductFeedback link above is redirected to a "hidden" page (http://lab.msdn.microsoft.com/ProductFeedback/error.aspx?msg=hidden) with the following information:

Page is hidden

This feedback is not being displayed because it may identify a possible security vulnerability.

Please re-submit this feedback, and all other security-related issues, at http://www.microsoft.com/technet/security/bulletin/alertus.aspx. Please refer to our FAQ for more details.


> [MSVC 8.0] strxfrm(s1, s2, 0) writes past the end of the destination buffer
> ---------------------------------------------------------------------------
>
>          Key: STDCXX-68
>          URL: http://issues.apache.org/jira/browse/STDCXX-68
>      Project: STDCXX
>         Type: Bug
>   Components: External
>     Versions: 4.1.2
>  Environment: MSVC 8
>     Reporter: Martin Sebor
>     Assignee: Martin Sebor
>      Fix For: 4.1.3

>
> From
> http://lab.msdn.microsoft.com/ProductFeedback/viewfeedback.aspx?feedbackid=b41c0882-79d0-412b-b404-d9ecb1952c31
> ======================================================================
> Bug ID:              FDBK40793
> Problem Type:        Bug
> Status:              New
> Microsoft Status:    Under Review
> Opened Date:         2005-11-18 16:06:05
> Opened By:           Martin Sebor
> Product/Technology:  Visual C++
> Version:             Visual Studio 2005
> Product Language:    English
> Category:            Libraries
> OS:                  Windows 2000 Server
> OS Language:         US English
> Submission Language: English
> ======================================================================
> Description:    
> Opened by Martin Sebor on 2005-11-18 at 16:06:05
>         
> The C standard library function strxfrm() writes past the end of the destination
> buffer.
> ======================================================================
> Steps to Reproduce:
> $ cat t.cpp && cl t.cpp && ./t.exe
> #include <assert.h>
> #include <locale.h>
> #include <string.h>
> int main ()
> {
>     setlocale (LC_COLLATE, "CAT");
>     char s1 [2] = { '*', '*' };
>     strxfrm (s1, "", 0);
>     assert ('*' == s1 [0] && '*' == s1 [1]);
> }
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
> Copyright (C) Microsoft Corporation. All rights reserved.
> t.cpp
> Microsoft (R) Incremental Linker Version 8.00.50727.42
> Copyright (C) Microsoft Corporation. All rights reserved.
> /out:t.exe
> t.obj
> Assertion failed: '*' == s1 [0] && '*' == s1 [1], file t.cpp, line 11
> This application has requested the Runtime to terminate it in an unusual way.
> Please contact the application's support team for more information.
> ======================================================================
> Actual Results:         Runtime error.
> Expected Results:       No error.

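A portable regression check for the behaviour reported above, plus the two-call sizing idiom that depends on strxfrm() leaving the destination alone when n is 0. This is an added example, not code from the original report or from the stdcxx project; the names strxfrm_clobbered and xfrm_dup and the GUARD and CAP sizes are hypothetical choices made for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 16          /* canary bytes on each side of the destination */
#define CAP   64          /* largest destination size the probe accepts */

/* Call strxfrm(dst, src, n) on a canary-filled buffer and return how many
 * bytes outside dst[0..n) were modified. A conforming library returns 0. */
size_t strxfrm_clobbered(const char *src, size_t n)
{
    unsigned char buf[GUARD + CAP + GUARD];
    size_t i, bad = 0;

    if (n > CAP)
        n = CAP;
    memset(buf, '*', sizeof buf);
    (void)strxfrm((char *)buf + GUARD, src, n);

    for (i = 0; i < sizeof buf; i++) {
        int inside = i >= GUARD && i < GUARD + n;
        if (!inside && buf[i] != '*')
            bad++;
    }
    return bad;
}

/* Two-call idiom: size query with a null destination and n == 0, then
 * transform into a buffer of exactly that size plus the terminator. */
char *xfrm_dup(const char *src)
{
    size_t need = strxfrm(NULL, src, 0) + 1;
    char *dst = malloc(need);

    if (dst != NULL && strxfrm(dst, src, need) >= need) {
        free(dst);            /* length changed between calls: reject */
        dst = NULL;
    }
    return dst;
}

int main(void)
{
    setlocale(LC_COLLATE, "");   /* use the environment's collation rules */
    printf("clobbered by strxfrm(s1, \"\", 0): %zu\n", strxfrm_clobbered("", 0));
    char *k = xfrm_dup("example");
    printf("transformed key: %s\n", k ? "allocated" : "failed");
    free(k);
    return 0;
}
```

A nonzero count from strxfrm_clobbered("", 0) corresponds to the failed assertion in the report's t.cpp.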