public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
* Re: libstdc++/9538: Out-of-bounds memory access in streambuf::sputbackc
@ 2003-02-04 18:19 paolo
0 siblings, 0 replies; 3+ messages in thread
From: paolo @ 2003-02-04 18:19 UTC (permalink / raw)
To: gcc-bugs, gcc-prs, paolo, peturr02
Synopsis: Out-of-bounds memory access in streambuf::sputbackc
State-Changed-From-To: analyzed->closed
State-Changed-By: paolo
State-Changed-When: Tue Feb 4 18:19:40 2003
State-Changed-Why:
Fixed for 3.3 and 3.4 (and 3.2.3).
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=9538
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: libstdc++/9538: Out-of-bounds memory access in streambuf::sputbackc
@ 2003-02-02 18:48 paolo
0 siblings, 0 replies; 3+ messages in thread
From: paolo @ 2003-02-02 18:48 UTC (permalink / raw)
To: gcc-bugs, gcc-prs, nobody, paolo, peturr02
Synopsis: Out-of-bounds memory access in streambuf::sputbackc
Responsible-Changed-From-To: unassigned->paolo
Responsible-Changed-By: paolo
Responsible-Changed-When: Sun Feb 2 18:48:22 2003
Responsible-Changed-Why:
Fixing.
State-Changed-From-To: open->analyzed
State-Changed-By: paolo
State-Changed-When: Sun Feb 2 18:48:22 2003
State-Changed-Why:
Confirmed.
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=9538
^ permalink raw reply [flat|nested] 3+ messages in thread
* libstdc++/9538: Out-of-bounds memory access in streambuf::sputbackc
@ 2003-02-02 11:56 peturr02
0 siblings, 0 replies; 3+ messages in thread
From: peturr02 @ 2003-02-02 11:56 UTC (permalink / raw)
To: gcc-gnats
>Number: 9538
>Category: libstdc++
>Synopsis: Out-of-bounds memory access in streambuf::sputbackc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Feb 02 11:56:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: peturr02@ru.is
>Release: gcc-3.2.1
>Organization:
>Environment:
Red Hat Linux 8.0
>Description:
basic_streambuf<>::sputbackc accesses gptr()[-1] without first checking if gptr() > eback(). This can be a fatal error if (gptr() - 1) is not a valid address or if char_type is a class type.
>How-To-Repeat:
See attachment.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/plain; name="sputbackcbug2.cc"
Content-Disposition: inline; filename="sputbackcbug2.cc"
#include <streambuf>
#undef NDEBUG
#include <cassert>
using namespace std;
class MyTraits : public char_traits<char>
{
public:
static bool eq(char c1, char c2)
{
assert(c1 >= 0);
assert(c2 >= 0);
return char_traits<char>::eq(c1, c2);
}
};
class MyBuf : public basic_streambuf<char, MyTraits>
{
char buffer[8];
public:
MyBuf()
{
memset(buffer, -1, sizeof(buffer));
memset(buffer + 2, 0, 4);
setg(buffer + 2, buffer + 2, buffer + 6);
}
};
int main()
{
MyBuf mb;
mb.sputbackc(0);
return 0;
}
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-02-04 18:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-02-04 18:19 libstdc++/9538: Out-of-bounds memory access in streambuf::sputbackc paolo
-- strict thread matches above, loose matches on Subject: below --
2003-02-02 18:48 paolo
2003-02-02 11:56 peturr02
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).