Posted to commits@stdcxx.apache.org by se...@apache.org on 2005/12/02 00:19:49 UTC

svn commit: r351515 - /incubator/stdcxx/trunk/tests/src/printf.cpp

Author: sebor
Date: Thu Dec  1 15:19:44 2005
New Revision: 351515

URL: http://svn.apache.org/viewcvs?rev=351515&view=rev
Log:
2005-12-01  Martin Sebor  <se...@roguewave.com>

	* printf.cpp (_rw_bufcat): Increased the size of the buffer and added
	a trailing guard to detect writes past the end (and other types of
	memory corruption).
	(_rw_vfprintf): Avoided using a statically allocated buffer (might
	be freed by _rw_bufcat).

Modified:
    incubator/stdcxx/trunk/tests/src/printf.cpp

Modified: incubator/stdcxx/trunk/tests/src/printf.cpp
URL: http://svn.apache.org/viewcvs/incubator/stdcxx/trunk/tests/src/printf.cpp?rev=351515&r1=351514&r2=351515&view=diff
==============================================================================
--- incubator/stdcxx/trunk/tests/src/printf.cpp (original)
+++ incubator/stdcxx/trunk/tests/src/printf.cpp Thu Dec  1 15:19:44 2005
@@ -460,10 +460,13 @@
 
     if (bufree <= len || !*pbuf) {
 
-        size_t newbufsize = *pbufsize * 2;
+        // for guard block
+        static const char deadbeef[] = "\xde\xad\xbe\xef";
 
-        if (newbufsize <= buflen + len)
-            newbufsize = 2 * (buflen + len + 1);
+        size_t newbufsize = *pbufsize * 2 + 4;
+
+        if (newbufsize <= buflen + len + 4)
+            newbufsize = 2 * (buflen + len + 1) + 4;
 
         char* const newbuf = (char*)malloc (newbufsize);
 
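Review bot: The guard length is written as a bare `4` in each size computation here, and again in the `memcpy`/`memcmp` calls and the `*pbufsize` assignment of the next hunk, while `sizeof deadbeef` is 5 because of the terminating NUL, so the literal and the array can drift apart unnoticed. A named constant next to the array, `const size_t guardsize = sizeof deadbeef - 1;`, used in place of every `4`, would keep them tied together. The sums `*pbufsize * 2 + 4` and `2 * (buflen + len + 1) + 4` are also not checked for wrap-around; for a very large `len` the `malloc` below would presumably be undersized, so a range check before the multiplication is worth considering. The enclosing function starts and ends outside this hunk.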
@@ -472,10 +475,18 @@
             return 0;
 
         memcpy (newbuf, *pbuf, buflen);
-        free (*pbuf);
+
+        // append a guard block to the end of the buffer
+        memcpy (newbuf + newbufsize - 4, deadbeef, 4);
+
+        if (*pbuf) {
+            // verify that we didn't write past the end of the buffer
+            assert (0 == memcmp (*pbuf + *pbufsize, deadbeef, 4));
+            free (*pbuf);
+        }
 
         *pbuf     = newbuf;
-        *pbufsize = newbufsize;
+        *pbufsize = newbufsize - 4;
 
         (*pbuf)[buflen] = '\0';
     }
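Review bot: The new `assert (0 == memcmp (*pbuf + *pbufsize, deadbeef, 4))` reads four bytes past `*pbufsize`, which is in bounds only for a buffer this function allocated itself; a caller that hands in its own buffer with a nonzero size would get an out-of-bounds read and most likely a failed assertion. The commit converts `_rw_vfprintf` to start from a null buffer, but other callers are not visible here, so the contract deserves a comment above the check, e.g. `// *pbuf must be null or a buffer allocated here (guard block lives at *pbuf + *pbufsize)`. The context line `memcpy (newbuf, *pbuf, buflen);` still runs when `*pbuf` is null (presumably with `buflen` of 0), which is undefined even for a zero length; moving it inside the new `if (*pbuf)` block would avoid that. Because the check is an `assert`, it disappears in builds that define NDEBUG, so the guard detects nothing there.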
@@ -3314,10 +3325,8 @@
 {
     assert (0 != file);
 
-    char buffer [256];
-
-    char* buf = buffer;
-    size_t bufsize = sizeof buffer;
+    char* buf = 0;
+    size_t bufsize = 0;
 
     const int nchars = rw_vasnprintf (&buf, &bufsize, fmt, va);
 
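Review bot: Nothing at the declaration of `buf` records why it must start out null rather than point at a stack array, and the removed `char buffer [256]` shortcut is an easy thing for a later change to bring back. A comment above `char* buf = 0;` such as `// must be null or heap-allocated: the formatting code may free() and reallocate it` would carry the reason given in the commit log into the source. How `nchars` and a possibly still-null `buf` are handled after a failed `rw_vasnprintf` lies outside this hunk, so that path cannot be judged from here.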
@@ -3345,8 +3354,7 @@
 
 #endif   // _MSC_VER
 
-    if (buf != buffer)
-        free (buf);
+    free (buf);
 
     return nwrote;
 }