This is the mail archive of the libstdc++@gcc.gnu.org mailing list for the libstdc++ project.



Re: Debug mode output broken


Jonathan Wakely wrote:

> What's supposed to happen is that __n chars are copied to __buf,
> followed by '\0'.

*at most* __n chars are copied to __buf: that's the semantics of snprintf.


> My first patch (to insert '\0' at __buf[__n-1]) gives the right answer,
> but doesn't prevent buffer overflow if strlen(__s) >= __bufsize.


It's not only that it doesn't prevent the overflow.

You have not explained *why* you have to add by hand that '\0'. This is never
supposed to happen with functions that always add a '\0' automatically.


The real fix involves understanding *why* there is junk between __buf[__n - 1]
and the position in the allocated buffer where sprintf actually places the '\0'.


You have not explained that.

Paolo.
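
The snprintf behaviour this message relies on, as an added example that is not part of the original message or of libstdc++: the buffer is pre-filled with a sentinel standing in for stale junk, and the helper reports where the terminator lands and whether the input was truncated. The names `bounded_copy` and `copy_result` are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libstdc++ code): copy s into buf through
   snprintf and report what the call did to the buffer. */
struct copy_result {
    size_t terminator_at;  /* index of the '\0' that snprintf wrote */
    int truncated;         /* 1 if s did not fit in bufsize bytes */
    int tail_untouched;    /* 1 if bytes after the '\0' still hold the sentinel */
};

static struct copy_result bounded_copy(char *buf, size_t bufsize, const char *s)
{
    struct copy_result r = {0, 1, 1};
    if (bufsize == 0)
        return r;                       /* nothing can be stored, not even '\0' */

    memset(buf, 'X', bufsize);          /* sentinel: stands in for stale junk */

    /* snprintf stores at most bufsize - 1 characters plus a '\0', and
       returns the length the output would have had with no limit. */
    int wanted = snprintf(buf, bufsize, "%s", s);
    if (wanted < 0) {                   /* output error: leave an empty string */
        buf[0] = '\0';
        return r;
    }
    r.truncated = (size_t)wanted >= bufsize;
    r.terminator_at = strlen(buf);

    /* Bytes past the terminator are not part of the string. On common C
       libraries they keep their old contents (observed, not guaranteed). */
    for (size_t i = r.terminator_at + 1; i < bufsize; ++i)
        if (buf[i] != 'X')
            r.tail_untouched = 0;
    return r;
}

int main(void)
{
    char buf[8];
    const char *samples[] = { "abc", "0123456789" };   /* constructed inputs */
    for (size_t i = 0; i < 2; ++i) {
        struct copy_result r = bounded_copy(buf, sizeof buf, samples[i]);
        printf("\"%s\": '\\0' at %zu, truncated=%d, tail_untouched=%d\n",
               buf, r.terminator_at, r.truncated, r.tail_untouched);
    }
    return 0;
}
```

The bound only protects the buffer when the size passed to snprintf is the real capacity of the destination; a terminator written by hand at a fixed index does not change how many bytes the formatting call itself stores.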



