Hi Justin,

On Fri, Oct 13, 2006 at 07:01:51PM -0400, Justin Pryzby wrote:
> > #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
> > if (address == (void *)MAP_FAILED) {
> >         char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
> >         int tmpfd;
> >         mode_t old_umask;
> >
> >         old_umask = umask(0177);
> >         tmpfd = mkstemp(tmpname);
> >
> > The array 'tmpname' has enough space to contain the string
> > MM_SWAP_TEMPLATE, but not the terminating '\0' byte. Therefore
> > 'mkstemp' is called with an unterminated string.
> In a test, a string constant has sizeof(s)==1+strlen(s); this happens for
> a character constant, too. I'm assuming that gcc implements the behavior
> required by relevant standards.
Sorry, I can't quite follow you here. Is your claim that

    char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;

will make 'tmpname' long enough to contain the trailing '\0'? This is not
true. And what do you mean by "relevant standards"?

The problem, reduced to a simpler form, is shown in the following example:

[EMAIL PROTECTED] [~] cat t.c
#include <stdio.h>

int main()
{
    char string[4]="1234";
    puts(string);
    return 0;
}
[EMAIL PROTECTED] [~] gcc t.c
[EMAIL PROTECTED] [~] ./a.out
[EMAIL PROTECTED]

Clearly 'string' was not terminated there. Why do you think that the
original issue is different?

All the best,
Jochen

--
http://seehuhn.de/
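An added example, not code from either message, that checks the two sizings the thread argues about: what `sizeof` of a string literal returns compared with `strlen`, whether an array declared `char tmpname[sizeof(LITERAL)] = LITERAL;` ends with a NUL byte, and what a buffer sized to `strlen` only ends up holding. The template string is reused from the thread as a constant; the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Same template as in the thread, used here only as test data. */
#define SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"

/* sizeof applied to a string literal measures the whole array object,
   which includes the implicit terminating '\0' (C99 6.4.5p5, 6.5.3.4). */
size_t literal_sizeof(void) { return sizeof(SWAP_TEMPLATE); }
size_t literal_strlen(void) { return strlen(SWAP_TEMPLATE); }

/* Returns 1 if an array sized with sizeof(literal) and initialised from
   that literal has a NUL in its last slot, i.e. is a valid C string that
   can be handed to mkstemp() without reading past the array. */
int sizeof_sized_array_is_terminated(void)
{
    char tmpname[sizeof(SWAP_TEMPLATE)] = SWAP_TEMPLATE;
    return tmpname[sizeof(tmpname) - 1] == '\0';
}

/* The failure mode from Jochen's t.c, reproduced without an out-of-bounds
   read: a buffer one byte shorter than sizeof(literal) holds every visible
   character but has no slot for the terminator, so no NUL exists in it.
   Returns 1 if a NUL is found anywhere in the buffer, 0 otherwise. */
int strlen_sized_buffer_is_terminated(void)
{
    char buf[sizeof(SWAP_TEMPLATE) - 1];      /* strlen bytes, no room for '\0' */
    memset(buf, 'A', sizeof buf);             /* canary so a stray 0 is visible */
    memcpy(buf, SWAP_TEMPLATE, sizeof buf);   /* copies the characters only */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    printf("sizeof(literal) = %zu, strlen(literal) = %zu\n",
           literal_sizeof(), literal_strlen());
    printf("sizeof-sized array terminated: %d\n",
           sizeof_sized_array_is_terminated());
    printf("strlen-sized buffer terminated: %d\n",
           strlen_sized_buffer_is_terminated());
    return 0;
}
```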