* Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Benjamin Kosnik @ 2001-09-24 13:18 UTC (permalink / raw)
To: gcc, hans-peter.nilsson
The patch to fix this is pre-approved. Thanks for pointing it out.
-benjamin
* Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Phil Edwards @ 2001-09-24 14:13 UTC (permalink / raw)
To: Benjamin Kosnik; +Cc: gcc, hans-peter.nilsson
On Mon, Sep 24, 2001 at 01:17:56PM -0700, Benjamin Kosnik wrote:
>
> The patch to fix this is pre-approved. Thanks for pointing it out.
I'm wondering why it never shows up as a testsuite failure....
Phil
--
"You have to wonder what kind of life you have when your list of personal
rules begins with, '#3: No drowning in your own mucus,' and '#4: Don't
ask what happened to rules 1 and 2.'"
* Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Benjamin Kosnik @ 2001-09-24 14:30 UTC (permalink / raw)
To: Phil Edwards; +Cc: gcc, hans-peter.nilsson
I think it was on Solaris. No matter. Phil, can you take care of this?
thanks
* Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Phil Edwards @ 2001-09-25 18:46 UTC (permalink / raw)
To: Benjamin Kosnik; +Cc: gcc, hans-peter.nilsson
On Mon, Sep 24, 2001 at 02:30:34PM -0700, Benjamin Kosnik wrote:
>
> I think it was on Solaris. No matter. Phil, can you take care of this?
Sure. Since it's testing C strings, I'll succumb to C Programmer's Disease
[q.v.] and just bump the size.
(Should we be doing anything with the character variables returned from
the various functions later in those tests?)
Trunk and branch.
2001-09-25 Phil Edwards <pme@gcc.gnu.org>
* testsuite/21_strings/c_strings.cc (test01, test02): Increase
`carray' size.
Index: testsuite/21_strings/c_strings.cc
===================================================================
RCS file: /cvs/gcc/gcc/libstdc++-v3/testsuite/21_strings/c_strings.cc,v
retrieving revision 1.5
diff -u -3 -p -r1.5 c_strings.cc
--- c_strings.cc 2001/05/25 01:33:21 1.5
+++ c_strings.cc 2001/09/26 01:42:30
@@ -33,7 +33,7 @@ void test01()
const char* cc1 = &cc;
const char* ccarray1 = "san francisco roof garden inspectors";
const char* ccarray2 = "san francisco sunny-day park inspectors";
- char carray[30];
+ char carray[50];
std::strcpy(carray, ccarray1);
void* v = carray;
const void* cv = ccarray1;
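Review bot: The new size on `char carray[50];` in test01 is a bare literal with nothing tying it to the strings it has to hold. ccarray1 needs 37 bytes and ccarray2 needs 40 with the terminator, so 50 covers a plain copy of either, but the visible context shows only the first `std::strcpy(carray, ccarray1);`. If anything later in test01 appends to carray, 50 has to be re-checked against the combined length. A one-line comment stating the sizing assumption, or a size derived from the literals, would keep this from regressing when the strings change.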
@@ -70,7 +70,7 @@ void test02()
const char* ccarray1 = "san francisco roof garden inspectors";
const char* ccarray2 = "san francisco sunny-day park inspectors";
- char carray[30];
+ char carray[50];
strcpy(carray, ccarray1);
void* v = carray;
const void* cv = ccarray1;
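Review bot: The same literal 50 is now repeated on `char carray[50];` in test02, independent of the copy in test01. The two functions use identical strings, so a single named constant shared by both (or a size computed from the longer literal plus one) would stop the declarations drifting apart the next time one of them is edited. The ChangeLog entry also records only that the size was increased, not that the old 30-byte array was shorter than the 37 bytes the strcpy writes; that is worth a few words there.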
* Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Hans-Peter Nilsson @ 2001-09-24 6:27 UTC (permalink / raw)
To: gcc; +Cc: libstdc++
Is this some C++ gotcha or is there an obvious buffer-overwrite
here? The CRIS gcc port and the simulator dump say the buffer
is overwritten, but there's no absolute truth in that.
...
const char* ccarray1 = "san francisco roof garden inspectors";
const char* ccarray2 = "san francisco sunny-day park inspectors";
char carray[30];
std::strcpy(carray, ccarray1);
...
Will trade patch for clue.
brgds, H-P
* Re: Buffer overwrite in libstdc++-v3 test 21_strings/c_strings.cc?
From: Rick Copeland @ 2001-09-24 6:44 UTC (permalink / raw)
To: Hans-Peter Nilsson; +Cc: gcc, libstdc++
Well, since strlen(ccarray1) == 36, and you're copying into a 30-byte
array, it looks like an obvious buffer-overflow [write?].
Hans-Peter Nilsson wrote:
>Is this some C++ gotcha or is there an obvious buffer-overwrite
>here? The CRIS gcc port and the simulator dump say the buffer
>is overwritten, but there's no absolute truth in that.
>
> ...
> const char* ccarray1 = "san francisco roof garden inspectors";
> const char* ccarray2 = "san francisco sunny-day park inspectors";
> char carray[30];
> std::strcpy(carray, ccarray1);
> ...
>
>Will trade patch for clue.
>
>brgds, H-P
>
>
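The length arithmetic from the reply above, worked through as an added example that is not part of the original thread or of the libstdc++ testsuite. `bytes_needed`, `checked_strcpy` and `holds_both` are hypothetical helper names; the two strings are the ones quoted in the thread, and the sizes 30 and 50 are the ones from the patch.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Added illustration: bytes_needed, checked_strcpy and holds_both are
// hypothetical helpers, not part of libstdc++ or its testsuite.

// Bytes strcpy() writes for src: every character plus the terminating NUL.
std::size_t bytes_needed(const char* src) { return std::strlen(src) + 1; }

// Copy src into dst only if it fits, terminator included. On failure dst is
// set to the empty string (if it has room) and nothing else is written.
bool checked_strcpy(char* dst, std::size_t dst_size, const char* src)
{
    const std::size_t need = bytes_needed(src);
    if (need > dst_size) {
        if (dst_size > 0) dst[0] = '\0';
        return false;
    }
    std::memcpy(dst, src, need);
    return true;
}

// Array overload: the size comes from the array type, so it cannot drift
// out of sync with the declaration.
template <std::size_t N>
bool checked_strcpy(char (&dst)[N], const char* src)
{
    return checked_strcpy(dst, N, src);
}

// The two strings quoted in the thread.
const char* const ccarray1 = "san francisco roof garden inspectors";
const char* const ccarray2 = "san francisco sunny-day park inspectors";

// Can a buffer of N bytes take either string by plain copy?
template <std::size_t N>
bool holds_both()
{
    char carray[N];
    return checked_strcpy(carray, ccarray1) && checked_strcpy(carray, ccarray2);
}

int main()
{
    std::printf("need %zu and %zu bytes\n", bytes_needed(ccarray1), bytes_needed(ccarray2));
    std::printf("char[30]: %d, char[50]: %d\n", holds_both<30>(), holds_both<50>());
    return 0;
}
```

An unchecked `strcpy` into the 30-byte array is undefined behaviour, so whether it is noticed depends on what the target places after the array; the checked copy reports the short buffer on every platform.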