[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME)
[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Sebor updated STDCXX-524: Severity: Runtime Error Summary: buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME) (was: buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)) Added a missing space. buffer overflow in test 22.locale.time.get.cpp (make_LC_TIME) - Key: STDCXX-524 URL: https://issues.apache.org/jira/browse/STDCXX-524 Project: C++ Standard Library Issue Type: Bug Components: Tests Affects Versions: 4.1.2, 4.1.3, 4.1.4 Reporter: Travis Vitek Assignee: Travis Vitek Priority: Trivial Fix For: 4.2.1 Attachments: stdcxx-524.patch This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work. #if !defined (_WIN32) !defined (_WIN64) # define _PATH_MAX PATH_MAX #else # define _PATH_MAX _MAX_PATH #endif char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; std::sprintf (srcfname, %s SLASH LC_TIME.src, locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Travis Vitek updated STDCXX-524: Patch Info: [Patch Available] buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME) Key: STDCXX-524 URL: https://issues.apache.org/jira/browse/STDCXX-524 Project: C++ Standard Library Issue Type: Bug Components: Tests Affects Versions: 4.1.2, 4.1.3, 4.1.4 Reporter: Travis Vitek Assignee: Travis Vitek Priority: Trivial Fix For: 4.2.1 Attachments: stdcxx-524.patch This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work. #if !defined (_WIN32) !defined (_WIN64) # define _PATH_MAX PATH_MAX #else # define _PATH_MAX _MAX_PATH #endif char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; std::sprintf (srcfname, %s SLASH LC_TIME.src, locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Travis Vitek updated STDCXX-524: Attachment: (was: stdcxx-524.patch) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME) Key: STDCXX-524 URL: https://issues.apache.org/jira/browse/STDCXX-524 Project: C++ Standard Library Issue Type: Bug Components: Tests Affects Versions: 4.1.2, 4.1.3, 4.1.4 Reporter: Travis Vitek Assignee: Travis Vitek Priority: Trivial Fix For: 4.2.1 This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work. #if !defined (_WIN32) !defined (_WIN64) # define _PATH_MAX PATH_MAX #else # define _PATH_MAX _MAX_PATH #endif char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; std::sprintf (srcfname, %s SLASH LC_TIME.src, locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Travis Vitek updated STDCXX-524: Attachment: stdcxx-524.patch 2007/12/12 Travis Vitek [EMAIL PROTECTED] STDCXX-524 * tests/localization/22.locale.codecvt.length.cpp (create_locale): Check return code from rw_snprintf(). * tests/localization/22.locale.codecvt.out.cpp (create_locale): Ditto. * tests/localization/22.locale.time.get.cpp (make_LC_TIME): Ditto. Use rw_snprintf() instead of sprintf(), use larger fixed buffer sizes. * tests/localization/22.locale.time.put.cpp (make_LC_TIME): Ditto. * src/locale.cpp (): Ditto. buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME) Key: STDCXX-524 URL: https://issues.apache.org/jira/browse/STDCXX-524 Project: C++ Standard Library Issue Type: Bug Components: Tests Affects Versions: 4.1.2, 4.1.3, 4.1.4 Reporter: Travis Vitek Assignee: Travis Vitek Priority: Trivial Fix For: 4.2.1 Attachments: stdcxx-524.patch This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work. #if !defined (_WIN32) !defined (_WIN64) # define _PATH_MAX PATH_MAX #else # define _PATH_MAX _MAX_PATH #endif char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; std::sprintf (srcfname, %s SLASH LC_TIME.src, locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-524) buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME)
[ https://issues.apache.org/jira/browse/STDCXX-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Travis Vitek updated STDCXX-524: Fix Version/s: 4.2.1 Affects Version/s: 4.1.2 4.1.3 4.1.4 buffer overflow in test 22.locale.time.get.cpp(make_LC_TIME) Key: STDCXX-524 URL: https://issues.apache.org/jira/browse/STDCXX-524 Project: C++ Standard Library Issue Type: Bug Components: Tests Affects Versions: 4.1.2, 4.1.3, 4.1.4 Reporter: Travis Vitek Assignee: Travis Vitek Priority: Trivial Fix For: 4.2.1 This test uses L_tmpnam to determine the length of a buffer used to store a filename string. Unfortunately, L_tmpnam is intended for use with tmpnam(), but the buffer is written to with std::sprintf(). When I run the test, the allocated buffer is 46 bytes, and the sprintf() call writes 58 bytes [this will vary based on user name and other variables]. Perhaps the buffer should be made larger, or some other method should be used to fill the buffer. Perhaps this would work. #if !defined (_WIN32) !defined (_WIN64) # define _PATH_MAX PATH_MAX #else # define _PATH_MAX _MAX_PATH #endif char srcfname [_PATH_MAX]; // [L_tmpnam + 32]; std::sprintf (srcfname, %s SLASH LC_TIME.src, locale_root); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.