[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551615 ]
Martin Sebor commented on STDCXX-524: ------------------------------------- I've adjusted your ChangeLog to follow the established format (the date is 2007-12-12, and two spaces between name and email -- you should think about using Emacs ;-) Committed thus: http://svn.apache.org/viewvc?rev=604038&view=rev Btw., since you switched to using rw_sprintf(), it occurs to me that we might as well let the function allocate the memory for the string instead of using fixed-size buffers and dispense with any risk of buffer overflow once and for all... > buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME) > ------------------------------------------------------------ > > Key: STDCXX-524 > URL: https://issues.apache.org/jira/browse/STDCXX-524 > Project: C++ Standard Library > Issue Type: Bug > Components: Tests > Affects Versions: 4.1.2, 4.1.3, 4.1.4 > Reporter: Travis Vitek > Assignee: Travis Vitek > Priority: Trivial > Fix For: 4.2.1 > > Attachments: stdcxx-524.patch > > > This test uses L_tmpnam to determine the length of a buffer used to store a > filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), > but the buffer is written to with std::sprintf(). When I run the test, the > allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this > will vary based on user name and other variables]. Perhaps the buffer should > be made larger, or some other method should be used to fill the buffer. > Perhaps this would work. > #if !defined (_WIN32) && !defined (_WIN64) > # define _PATH_MAX PATH_MAX > #else > # define _PATH_MAX _MAX_PATH > #endif > char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; > std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.