Posted to dev@stdcxx.apache.org by "Travis Vitek (JIRA)" <ji...@apache.org> on 2007/08/18 00:22:30 UTC

[jira] Created: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
------------------------------------------------------------

                 Key: STDCXX-524
                 URL: https://issues.apache.org/jira/browse/STDCXX-524
             Project: C++ Standard Library
          Issue Type: Bug
          Components: Tests
            Reporter: Travis Vitek
            Priority: Trivial


This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work.

#if !defined (_WIN32) && !defined (_WIN64)
#  define _PATH_MAX PATH_MAX
#else
#  define _PATH_MAX _MAX_PATH
#endif

    char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
    std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
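
The size mismatch in the report above, worked through as an added example (not stdcxx code and not the attached patch): it measures the bytes the format needs, formats through a bounded call whose return code is checked, and shows a dynamically sized alternative. Standard snprintf() stands in for the test driver's rw_snprintf(), SLASH is assumed to be "/", and the root path is constructed so that the result needs 58 bytes.

```cpp
// Added example, not stdcxx code: sizing and bounds-checking a formatted path.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in for the SLASH macro used in the report; assumed to be "/" here.
#define SLASH "/"

// Constructed 45-character locale root (hypothetical path, not from the report).
static const char sample_root[] = "/tmp/constructed-user-name/stdcxx-locale-root";

// Bytes needed for root + SLASH + leaf, including the terminating NUL.
// Returns 0 if the format call itself fails.
std::size_t path_bytes_needed(const char *root, const char *leaf)
{
    const int n = std::snprintf(nullptr, 0, "%s" SLASH "%s", root, leaf);
    return n < 0 ? 0 : std::size_t(n) + 1;
}

// Bounded formatting with the return code checked. Returns true only when
// the whole path, NUL included, fit into buf.
bool format_path(char *buf, std::size_t size, const char *root, const char *leaf)
{
    if (!buf || !size)
        return false;

    const int n = std::snprintf(buf, size, "%s" SLASH "%s", root, leaf);
    if (n < 0 || std::size_t(n) >= size) {
        // A truncated path names a different file; do not hand it to
        // fopen() or remove(). Clear it so the caller cannot use it by mistake.
        buf[0] = '\0';
        return false;
    }
    return true;
}

// Dynamically sized variant: measure first, then format into an exact buffer.
// Returns an empty string on formatting error.
std::string format_path_dynamic(const char *root, const char *leaf)
{
    const std::size_t need = path_bytes_needed(root, leaf);
    if (!need)
        return std::string();

    std::vector<char> buf(need);
    const int n = std::snprintf(&buf[0], buf.size(), "%s" SLASH "%s", root, leaf);
    if (n < 0 || std::size_t(n) >= buf.size())
        return std::string();
    return std::string(&buf[0], std::size_t(n));
}

int main()
{
    const char leaf[] = "LC_TIME.src";
    char small[46];    // buffer size given in the report
    char large[1024];  // larger fixed buffer; size chosen for this example

    std::printf("needed=%lu small_ok=%d large_ok=%d\n",
                (unsigned long)path_bytes_needed(sample_root, leaf),
                int(format_path(small, sizeof small, sample_root, leaf)),
                int(format_path(large, sizeof large, sample_root, leaf)));
    std::printf("dynamic=%s\n", format_path_dynamic(sample_root, leaf).c_str());
    return 0;
}
```
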


[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520707 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Ouch!

The test driver defines the rw_tmpnam() function that's supposed to be used for creating temporary file names. Looking at make_LC_TIME(), I don't think rw_tmpnam() is quite robust enough to handle the use case there. I see two other alternatives to dealing with the bug besides the one you suggest:

1. Forget about creating the files under the locale root directory and use rw_tmpnam() to obtain the names of the two temporary files the function uses. Change the function to delete the files when it's done generating the locale.

2. Replace rw_tmpnam() with rw_tempnam(), the equivalent of the POSIX tempnam() function, and change make_LC_TIME() and all other clients of rw_tmpnam() to call rw_tempnam() instead. See the POSIX man page for tempnam() here: http://www.opengroup.org/onlinepubs/009695399/functions/tempnam.html



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520699 ] 

Travis Vitek commented on STDCXX-524:
-------------------------------------

NOTE: This same issue occurs twice in the same function.



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek updated STDCXX-524:
--------------------------------

        Fix Version/s: 4.2.1
    Affects Version/s: 4.1.2
                       4.1.3
                       4.1.4



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek updated STDCXX-524:
--------------------------------

    Attachment: stdcxx-524.patch

I have opted to just use a large fixed length buffer for the file names. This is what we're doing all over the place and I didn't want to introduce a totally different way to do this. If someone feels it is really necessary, I can change parts of this to use dynamic buffers. I can't make the cached locale name dynamic unless I want to leave allocated memory at program exit.



[jira] Assigned: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Sebor reassigned STDCXX-524:
-----------------------------------

    Assignee: Travis Vitek

Assigned to Travis.



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek updated STDCXX-524:
--------------------------------

    Attachment: stdcxx-524.patch

2007/12/12  Travis Vitek  <vi...@roguewave.com>

	STDCXX-524
	* tests/localization/22.locale.codecvt.length.cpp (create_locale):
	Check return code from rw_snprintf().
	* tests/localization/22.locale.codecvt.out.cpp (create_locale):
	Ditto.
	* tests/localization/22.locale.time.get.cpp (make_LC_TIME):
	Ditto. Use rw_snprintf() instead of sprintf(), use larger
	fixed buffer sizes.
	* tests/localization/22.locale.time.put.cpp (make_LC_TIME):
	Ditto.
	* src/locale.cpp (): Ditto.



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek updated STDCXX-524:
--------------------------------

    Attachment:     (was: stdcxx-524.patch)



[jira] Closed: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek closed STDCXX-524.
-------------------------------

    Resolution: Fixed

Verified in automated testing



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12525873 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Right, the files don't need to be under locale_root. They're there for convenience, so that we don't have to bother creating a temporary name for each and worry about forgetting to delete (the driver does it automatically when the test exits).

It now occurs to me that there's another reason why the files are under locale_root and don't get deleted in the function: to make debugging easier. When stepping through the test to understand why certain things failed it was convenient to be able to see the locale definition files for the locales created by the test.

Btw., to save time spent running the localedef utility, the make_LC_TIME() function is also supposed to do any real work only the first time it's called and simply return the name of the generated locale each subsequent time. That's the purpose of the locnamebuf static variable. Unfortunately, this doesn't seem to be finished. It would be nice to make sure it does.

So, in summary I would prefer to keep the temporary files under locale_root and go with your last alternative.



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Travis Vitek updated STDCXX-524:
--------------------------------

    Patch Info: [Patch Available]



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551639 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Are you saying I should be paying attention? ;-)

Makes sense.



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527342 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Looks good, thanks! If you could just attach your Change Log I'll commit the patch.



[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Sebor updated STDCXX-524:
--------------------------------

    Severity: Runtime Error
     Summary: buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME)  (was: buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME))

Added a missing space.



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551618 ] 

Travis Vitek commented on STDCXX-524:
-------------------------------------

That was my original plan, but I decided against it. I mention this above, but it is worth repeating. I'm attempting to avoid memory in use at program exit.



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551615 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

I've adjusted your ChangeLog to follow the established format (the date is 2007-12-12, and two spaces between name and email -- you should think about using Emacs ;-)

Committed thus: http://svn.apache.org/viewvc?rev=604038&view=rev

Btw., since you switched to using rw_sprintf(), it occurs to me that we might as well let the function allocate the memory for the string instead of using fixed-size buffers and dispense with any risk of buffer overflow once and for all...



[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Posted by "Travis Vitek (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12525493 ] 

Travis Vitek commented on STDCXX-524:
-------------------------------------

I would need to delete the files if I call rw_tmpnam() or the proposed rw_tempnam().

The existing code creates a file with explicit names and leaves them on disk. Is there any good reason for these files to be left hanging around? If not, the best solution is probably to use the existing rw_tmpnam() and delete the files afterward. I don't believe that I need to put the source files into the $locale_root directory to be able to run the locale utility on them, so I don't think that I need to write rw_tempnam() [though if you want rw_tempnam(), that could be added under a separate issue].

If these files should remain, I think the best solution is probably to allocate filename buffers and format the filename into them, possibly using rw_sprintfa(). This would maintain the current behavior with the exception of the buffer overflow.

Please advise.
