You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@stdcxx.apache.org by "Travis Vitek (JIRA)" <ji...@apache.org> on 2007/09/06 20:36:32 UTC

[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

    [ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12525493 ] 

Travis Vitek commented on STDCXX-524:
-------------------------------------

I would need to delete the files if I call rw_tmpnam() or the proposed rw_tempname().

The existing code creates a file with explicit names and leaves them on disk. Is there any good reason for these files to be left hanging around? If not, the best solution is probably to use the existing rw_tmpnam() and delete the files afterward. I don't believe that I need to put the source files into the $locale_root directory to be able to run the locale utility on them, so I don't think that I need to write rw_tempnam() [though if you want rw_tempnam(), that could be added under a seperate issue].

If these files should remain, I think the best solution is probably to allocate filename buffers and format the filename into them, possibly using rw_sprintfa(). This would maintain the current behavior with the exception of the buffer overflow.

Please advise.

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>
>                 Key: STDCXX-524
>                 URL: https://issues.apache.org/jira/browse/STDCXX-524
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>    Affects Versions: 4.1.2, 4.1.3, 4.1.4
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Trivial
>             Fix For: 4.2.1
>
>
> This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.