[jira] Commented: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)

Fri, 17 Aug 2007 16:25:04 -0700 

    [ 
https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520707
 ] 

Martin Sebor commented on STDCXX-524:
-------------------------------------

Ouch!

The test driver defines the rw_tmpnam() function that's supposed to be used for 
creating temporary file names. Looking at make_LC_TIME(), I don't think 
rw_tmpnam() is quite robust enough to handle the use case there. I see two 
other alternatives to dealing with the bug besides the one you suggest:

1. Forget about creating the files under the locale root directory and use 
rw_tmpnam() to obtain the names of the two temporary files the function uses. 
Change the function to delete the files when it's done generating the locale.

2. Replace rw_tmpnam() with rw_tempnam(), the equivalent of the POSIX tempnam() 
function, and change make_LC_TIME() and all other clients of rw_tmpnam() to 
call rw_tempnam() instead. See the POSIX man page for tempnam() here: 
http://www.opengroup.org/onlinepubs/009695399/functions/tempnam.html

> buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
> ------------------------------------------------------------
>
>                 Key: STDCXX-524
>                 URL: https://issues.apache.org/jira/browse/STDCXX-524
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: Tests
>            Reporter: Travis Vitek
>            Priority: Trivial
>
> This test uses L_tmpnam to determine the length of a buffer used to store a 
> filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), 
> but the buffer is written to with std::sprintf(). When I run the test, the 
> allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this 
> will vary based on user name and other variables]. Perhaps the buffer should 
> be made larger, or some other method should be used to fill the buffer. 
> Perhaps this would work.
> #if !defined (_WIN32) && !defined (_WIN64)
> #  define _PATH_MAX PATH_MAX
> #else
> #  define _PATH_MAX _MAX_PATH
> #endif
>     char srcfname [_PATH_MAX]; // [L_tmpnam + 32];
>     std::sprintf (srcfname, "%s" SLASH "LC_TIME.src", locale_root);

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to