Debug mode output broken
Paolo Carlini
pcarlini@suse.de
Fri Aug 6 12:12:00 GMT 2004
Jonathan Wakely wrote:
> What's supposed to happen is that __n chars are copied to __buf,
> followed by '\0'.
*at most* __n chars are copied to __buf: that's the semantics of snprintf.
> My first patch (to insert '\0' at __buf[__n-1]) gives the right answer,
> but doesn't prevent buffer overflow if strlen(__s) >= __bufsize.
It's not only that it doesn't prevent the overflow.
You have not explained *why* you have to add by hand that '\0'. This is never
supposed to happen with functions that always add a '\0' automatically.
The real fix involves understanding *why* there is junk between __buf[__n - 1]
and the position in the allocated buffer where sprintf actually places the '\0'.
You have not explained that.
Paolo.
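
The snprintf semantics this thread turns on, as an added example that is not part of the original messages or of the libstdc++ sources. The helper `bounded_copy` and its status names are hypothetical; it clamps the requested count to the real buffer size, lets snprintf place the terminator, and reports truncation from the return value instead of patching in a '\0' by hand.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_ERROR = -1 };

/*
 * Copy s into buf, writing at most n bytes INCLUDING the terminating '\0',
 * and never more than bufsize bytes. snprintf always terminates the output
 * when the size it is given is non-zero, so no manual '\0' is needed.
 */
static int bounded_copy(char *buf, size_t bufsize, size_t n, const char *s)
{
    int needed;

    if (buf == NULL || s == NULL || bufsize == 0 || n == 0)
        return COPY_ERROR;
    if (n > bufsize)
        n = bufsize;            /* the limit must never exceed the buffer */

    /* Return value: length the full output would have had, without '\0'. */
    needed = snprintf(buf, n, "%s", s);
    if (needed < 0) {
        buf[0] = '\0';
        return COPY_ERROR;
    }
    /* needed >= n means the output was cut to n - 1 chars plus '\0'. */
    return (size_t)needed >= n ? COPY_TRUNCATED : COPY_OK;
}

int main(void)
{
    char buf[8];
    int rc;

    memset(buf, 'X', sizeof buf);   /* constructed "junk" to make writes visible */
    rc = bounded_copy(buf, sizeof buf, 4, "abcdefgh");
    printf("rc=%d buf=\"%s\" byte after terminator='%c'\n", rc, buf, buf[4]);
    return 0;
}
```

Bytes past the terminator are left as they were, which is why a string that appears to continue past the limit means the terminator was never written at that position.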