This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: Fix writing beyond array bounds in codecvt/unshift/char/1.cc
- From: Alexander Monakov <amonakov at ispras dot ru>
- To: Andreas Schwab <schwab at redhat dot com>
- Cc: gcc-patches at gcc dot gnu dot org, libstdc++ at gcc dot gnu dot org, Benjamin Kosnik <bkoz at redhat dot com>
- Date: Thu, 22 Apr 2010 17:14:22 +0400 (MSD)
- Subject: Re: Fix writing beyond array bounds in codecvt/unshift/char/1.cc
- References: <alpine.LNX.2.00.1004131816450.308@monoid.intra.ispras.ru> <m3fx2zpfpx.fsf@hase.home>
[adding libstdc++@gcc.gnu.org to Cc:]
Alexander Monakov <amonakov@ispras.ru> writes:
> > 'size' definition seemingly does not account for a zero byte, and thus strcpy
> > call near the end of the test overwrites one byte beyond allocated memory,
> > which may lead to spurious test failures. The patch simply bumps size to 24.
On Tue, 13 Apr 2010, Andreas Schwab wrote:
> Alexander Monakov <amonakov@ispras.ru> writes:
>
> > diff --git a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
> > index ba417af..8a45efc 100644
> > --- a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
> > +++ b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
> > @@ -35,7 +35,7 @@ void test01()
> > bool test __attribute__((unused)) = true;
> > const char* c_lit = "black pearl jasmine tea";
> > const char* from_next;
> > - int size = 23;
> > + int size = 24;
>
> How about using strlen(c_lit)?
>
> > char* c_arr = new char[size];
> > char* c_ref = new char[size];
>
> I think you rather want to use size+1 for the allocations.
>
> Andreas.
>
>
I'd rather keep allocations as is, since size is passed as an argument into
various functions in the test, and we probably want to notice them access one
element beyond array bounds. Thus, I'm changing size to strlen(c_lit) + 1.
OK to commit?
2010-04-22 Alexander Monakov <amonakov@ispras.ru>
* 22_locale/codecvt/unshift/char/1.cc (test01): Correct definition of size.
diff --git a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
index ba417af..6e851ff 100644
--- a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
+++ b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
@@ -35,7 +35,7 @@ void test01()
bool test __attribute__((unused)) = true;
const char* c_lit = "black pearl jasmine tea";
const char* from_next;
- int size = 23;
+ int size = strlen(c_lit) + 1;
char* c_arr = new char[size];
char* c_ref = new char[size];
char* to_next;
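Review bot: `strlen` at `+ int size = strlen(c_lit) + 1;` needs `<cstring>` (or `<string.h>`) and this hunk adds no include; confirm 1.cc already includes it rather than relying on `<locale>` pulling it in transitively. The assignment also silently narrows `size_t` to `int`; harmless for a 23-character literal, but `static_cast<int>(strlen(c_lit)) + 1` would keep the file warning-clean under `-Wconversion`. Leaving the two `new char[size]` allocations at `size` is the right call: with size 24 the `strcpy` of the literal plus its NUL now fits exactly, while an access to `c_arr[size]` by any of the functions that receive `size` is still out of bounds, which is what the test is meant to catch.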
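The off-by-one under discussion, as an added example that is not part of the thread or of the libstdc++ testsuite: a buffer sized to `strlen(c_lit)` holds the characters but not the terminating NUL, so `strcpy` writes one byte past the allocation. The helpers `required_buffer_size`, `copy_checked` and `fits_with_size` are this example's own names; `copy_checked` performs the capacity check that `strcpy` never does, and `fits_with_size` reproduces the test's situation where one `size` variable both sizes the allocation and is handed to the code under test.

```cpp
// Added example (not code from the gcc-patches thread or the libstdc++
// testsuite): the off-by-one the patch fixes, and a copy that refuses it.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Bytes a C string needs in a buffer: its characters plus the terminating
// NUL. This is the patched expression "strlen(c_lit) + 1".
std::size_t required_buffer_size(const char* s) {
    return std::strlen(s) + 1;
}

// Copy src into dst only if dst (of 'capacity' bytes) can hold it including
// the NUL. Returns false and leaves dst untouched otherwise; this is the
// check strcpy does not perform.
bool copy_checked(char* dst, std::size_t capacity, const char* src) {
    std::size_t needed = required_buffer_size(src);
    if (needed > capacity)
        return false;
    std::memcpy(dst, src, needed);
    return true;
}

// Mirrors the test: 'size' sizes the heap buffer. With the original value
// (23, the literal's length without its NUL) the copy is one byte short;
// with strlen + 1 it fits exactly.
bool fits_with_size(const char* lit, std::size_t size) {
    char* buf = new char[size];
    bool ok = copy_checked(buf, size, lit);
    delete[] buf;
    return ok;
}

int main() {
    const char* c_lit = "black pearl jasmine tea";   // literal from the test
    std::printf("needed=%zu old_size_ok=%d new_size_ok=%d\n",
                required_buffer_size(c_lit),
                fits_with_size(c_lit, 23),
                fits_with_size(c_lit, std::strlen(c_lit) + 1));
    return 0;
}
```

Running the program prints `needed=24 old_size_ok=0 new_size_ok=1`; building the original test with AddressSanitizer (`-fsanitize=address`) would report the same byte as a heap-buffer-overflow at the `strcpy`.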