[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Thu, 06 Sep 2007 11:36:53 -0700 

    [ 
https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12525493
 ] 

Travis Vitek commented on STDCXX-524:
-------------------------------------

I would need to delete the files if I call rw_tmpnam() or the proposed 
rw_tempname().

The existing code creates a file with explicit names and leaves them on disk. 
Is there any good reason for these files to be left hanging around? If not, the 
best solution is probably to use the existing rw_tmpnam() and delete the files 
afterward. I don't believe that I need to put the source files into the 
$locale_root directory to be able to run the locale utility on them, so I don't 
think that I need to write rw_tempnam() [though if you want rw_tempnam(), that 
could be added under a seperate issue].

If these files should remain, I think the best solution is probably to allocate 
filename buffers and format the filename into them, possibly using 
rw_sprintfa(). This would maintain the current behavior with the exception of 
the buffer overflow.

Please advise.

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>
>                 Key: STDCXX-524
>                 URL: https://issues.apache.org/jira/browse/STDCXX-524
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>    Affects Versions: 4.1.2, 4.1.3, 4.1.4
>            Reporter: Travis Vitek
>            Assignee: Travis Vitek
>            Priority: Trivial
>             Fix For: 4.2.1
>
>
> This test uses L_tmpnam to determine the length of a buffer used to store a 
> filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), 
> but the buffer is written to with std::sprintf(). When I run the test, the 
> allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this 
> will vary based on user name and other variables]. Perhaps the buffer should 
> be made larger, or some other method should be used to fill the buffer. 
> Perhaps this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to