This is the mail archive of the
mailing list for the libstdc++ project.
Re: Debug mode output broken
Jonathan Wakely wrote:
> What's supposed to happen is that __n chars are copied to __buf,
> followed by '\0'.

*at most* __n chars are copied to __buf: that's the semantics of snprintf.

> My first patch (to insert '\0' at __buf[__n-1]) gives the right answer,
> but doesn't prevent buffer overflow if strlen(__s) >= __bufsize.

It's not only that it doesn't prevent the overflow.
You have not explained *why* you have to add by hand that '\0'. This is
supposed to happen with functions that always add a '\0' automatically.
The real fix involves understanding *why* there is junk between
__buf[__n - 1]
and the position in the allocated buffer where sprintf actually places
You have not explained that.
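
The snprintf behaviour the thread turns on, as an added example that is not part of the original message and is not libstdc++ code: given a buffer of bufsize bytes, standard snprintf stores at most bufsize-1 characters and always writes the terminating '\0' itself, and its return value shows whether the output was truncated. The helper name copy_prefix and the sample strings are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libstdc++ code): copy at most n characters of s
 * into buf, which holds bufsize bytes.
 * Returns 0 if the requested prefix fit, 1 if it was truncated,
 * -1 on error or when the buffer cannot hold even the terminator. */
int copy_prefix(char *buf, size_t bufsize, const char *s, size_t n)
{
    if (buf == NULL || s == NULL || bufsize == 0 || n > INT_MAX)
        return -1;

    /* "%.*s" bounds the read from s to n characters; bufsize bounds the
     * write. snprintf appends '\0' on its own, so no manual terminator
     * is stored here. */
    int want = snprintf(buf, bufsize, "%.*s", (int)n, s);
    if (want < 0)
        return -1;

    /* The return value is the length the full output would have had. */
    return (size_t)want >= bufsize ? 1 : 0;
}

int main(void)
{
    char buf[8];
    const char *sample = "constructed sample";   /* constructed input */

    /* Pre-fill with junk so a missing terminator would be visible. */
    memset(buf, 'X', sizeof buf);
    int r = copy_prefix(buf, sizeof buf, sample, 5);
    printf("fit:       r=%d buf=\"%s\"\n", r, buf);

    /* Requested prefix is longer than the buffer: truncated, no overflow. */
    memset(buf, 'X', sizeof buf);
    r = copy_prefix(buf, sizeof buf, sample, 12);
    printf("truncated: r=%d buf=\"%s\"\n", r, buf);
    return 0;
}
```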