This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?

To: Hans-Peter Nilsson <hans-peter dot nilsson at axis dot com>
Subject: Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Rick Copeland <rick at proceler dot com>
Date: Mon, 24 Sep 2001 09:44:18 -0400
CC: gcc at gcc dot gnu dot org, libstdc++ at gcc dot gnu dot org
References: <200109241327.PAA00792@ignucius.axis.se>

Well, since strlen(ccarray1) == 36, and you're copying into a 30-byte 
array, it looks like an obvious buffer-overflow [write?].

Hans-Peter Nilsson wrote:

>Is this some C++ gotcha or is there an obvious buffer-overwrite
>here?  The CRIS gcc port and the simulator dump says the buffer
>is overwritten, but there's no absolute truth in that.
>
> ...
>  const char* ccarray1 = "san francisco roof garden inspectors";
>  const char* ccarray2 = "san francisco sunny-day park inspectors";
>  char carray[30];
>  std::strcpy(carray, ccarray1);
> ...
>
>Will trade patch for clue.
>
>brgds, H-P
>
>

References:
- Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
  - From: Hans-Peter Nilsson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]