This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.
Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.c
- To: hosler at lugs dot org dot sg
- Subject: Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.c
- From: Hans-Peter Nilsson <hans-peter dot nilsson at axis dot com>
- Date: Mon, 24 Sep 2001 16:36:59 +0200
- CC: hans-peter dot nilsson at axis dot com, libstdc++ at gcc dot gnu dot org, gcc at gcc dot gnu dot org
> Date: Mon, 24 Sep 2001 22:24:35 +0800 (SGT)
> From: Greg Hosler <hosler@lugs.org.sg>
> On 24-Sep-2001 Hans-Peter Nilsson wrote:
> > Is this some C++ gotcha or is there an obvious buffer-overwrite
> > here? The CRIS gcc port and the simulator dump says the buffer
> > is overwritten, but there's no absolute truth in that.
> >
> > ...
> > const char* ccarray1 = "san francisco roof garden inspectors";
> > const char* ccarray2 = "san francisco sunny-day park inspectors";
> > char carray[30];
> > std::strcpy(carray, ccarray1);
> > ...
> >
> > Will trade patch for clue.
>
> How do you fit 37 characters (i.e. strlen(ccarray1) + 1 for the null)
> into a 30-char buffer (size of carray) without overflowing it?
That's the question I'm asking. But presumably some corner in
that pile of papers called a C++ standards document could
be interpreted to say that strcpy should "DWIM" here. Anyway, since
now two people see the same thing I do, enough said.
brgds, H-P
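
The size arithmetic discussed in this thread, as an added example that is not part of the original message or of the libstdc++ testsuite. The helper names bytes_needed, overrun and checked_copy are hypothetical, and the 40-byte buffer is an assumed size chosen to hold both test strings.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Strings from the test quoted in the message above.
static const char* const ccarray1 = "san francisco roof garden inspectors";
static const char* const ccarray2 = "san francisco sunny-day park inspectors";

// Bytes std::strcpy writes for src: every character plus the terminating NUL.
std::size_t bytes_needed(const char* src) { return std::strlen(src) + 1; }

// Bytes std::strcpy would write past the end of a cap-byte destination.
std::size_t overrun(std::size_t cap, const char* src) {
    const std::size_t need = bytes_needed(src);
    return need > cap ? need - cap : 0;
}

// Hypothetical helper: N is deduced from the array type, so the caller cannot
// pass a wrong size. Copies only when src fits; otherwise stores "" and fails.
template <std::size_t N>
bool checked_copy(char (&dst)[N], const char* src) {
    if (overrun(N, src) != 0) {
        dst[0] = '\0';
        return false;
    }
    std::memcpy(dst, src, bytes_needed(src));
    return true;
}

int main() {
    char carray[30];  // size used in the test
    char fixed[40];   // assumption: smallest size that holds both strings
    const char* const inputs[] = {ccarray1, ccarray2};
    for (const char* s : inputs) {
        std::printf("need %zu bytes, overrun of carray[30]: %zu, ",
                    bytes_needed(s), overrun(sizeof carray, s));
        std::printf("checked_copy: carray=%d fixed=%d\n",
                    checked_copy(carray, s), checked_copy(fixed, s));
    }
    return 0;
}
```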