Hi, could you submit a patch for these bugs?
Cristian
On 09/04/2011 11:20, Frank Busse wrote:
> Hello,
>
> recently I read some sections of main.cpp and took notice of some too
> optimistic uses of the C string functions. For instance (there are
> more):
>
> 266: sprintf(buf, "%s/%s", directory.c_str(), tmp);
> or
> 300: strcpy(m_outputDirectory, p.c_str());
>
> It's easy to segfault klee with:
>
>> klee long_path/test
> or
>> /long_path/klee test -output-dir=.
>
> It may be a better solution to drop the arbitrary 1024 byte limits
> (getOutputFilename(), ...) and just concatenate the strings. Regrettably
> asprintf() isn't available on most systems.
>
> Another (more theoretical) issue may be in:
>
> 262: for (int i = 0; ; i++) {
> 263: char buf[256], tmp[64];
> 264: sprintf(tmp, "klee-out-%d", i);
> ...
> 269: if (DIR *dir = opendir(theDir.c_str())) {
> 270: closedir(dir);
> 271: } else {
> 272: break;
> 273: }
> 274: }
>
> For small ints (word) and lots of directories (klee-out--32768 up to
> klee-out-32767) you never leave the loop.
>
> And btw. there are double includes of <iostream> and <fstream>.
>
>
> Kind regards,
>
> Frank
> _______________________________________________
> klee-dev mailing list
> klee-dev at keeda.stanford.edu
> http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
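As an added illustration of the two fixes Frank proposes (this is example code written for this page, not a patch from the KLEE project or from either poster): the fixed-size `sprintf`/`strcpy` buffers are replaced by `std::string` concatenation, with an `snprintf` variant shown for the case where a C buffer must be kept, and the `klee-out-%d` probe loop is given an explicit bound so it reports failure instead of wrapping `int`. The function names (`joinPath`, `joinPathFixed`, `findOutputDir`, `dirExists`) and the injected `exists` predicate are assumptions made here so the logic can run without touching the filesystem; the `opendir`/`closedir` form in `dirExists` mirrors the quoted loop.

```cpp
// Added example, not KLEE's own code. Shows the two changes suggested in the
// thread: unbounded std::string path building instead of 256/1024-byte
// buffers, and a bounded search for the next free klee-out-N directory.
#include <climits>
#include <cstdio>
#include <cstring>
#include <dirent.h>
#include <functional>
#include <string>

// Variant for callers that must keep a C buffer: snprintf never writes past
// bufSize, and the return value tells us whether the result was truncated.
// Returns false (and leaves buf unusable) instead of overflowing on a long
// directory, which is what the sprintf(buf, "%s/%s", ...) at line 266 did.
bool joinPathFixed(char *buf, size_t bufSize,
                   const std::string &directory, const char *name) {
    int n = std::snprintf(buf, bufSize, "%s/%s", directory.c_str(), name);
    return n >= 0 && static_cast<size_t>(n) < bufSize;
}

// Preferred form: drop the arbitrary limit and let std::string grow.
std::string joinPath(const std::string &directory, const std::string &name) {
    if (directory.empty()) return name;
    if (directory.back() == '/') return directory + name;
    return directory + "/" + name;
}

// Real existence check, same opendir/closedir idiom as the quoted loop.
bool dirExists(const std::string &path) {
    if (DIR *d = opendir(path.c_str())) {
        closedir(d);
        return true;
    }
    return false;
}

// Find the first klee-out-N under `directory` that does not exist.
// `exists` is injected (assumption for testability); a real caller passes
// dirExists. The loop is bounded by maxTries (at most INT_MAX), so i is
// never incremented past INT_MAX and the function returns an empty string
// when every candidate is taken, rather than looping forever on wrap-around.
std::string findOutputDir(const std::string &directory,
                          const std::function<bool(const std::string &)> &exists,
                          int maxTries = INT_MAX) {
    for (int i = 0; i < maxTries; ++i) {
        std::string candidate =
            joinPath(directory, "klee-out-" + std::to_string(i));
        if (!exists(candidate)) return candidate;
    }
    return std::string();  // caller must treat this as an error
}

int main() {
    // Stand-alone demo against the real filesystem.
    std::string out = findOutputDir(".", dirExists);
    if (out.empty()) {
        std::fprintf(stderr, "no free klee-out-N directory\n");
        return 1;
    }
    std::printf("next output dir: %s\n", out.c_str());
    return 0;
}
```

The `exists` predicate is the only piece that is not a drop-in for `main.cpp`: it is there so the bound can be exercised with a fake "everything exists" answer, which a test on a real directory tree could not do in reasonable time.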