Re: Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look.

From: Bryan O'Sullivan <bos_at_serpentine.com>
Date: 2001-11-21 07:17:35 CET

On Tue, 2001-11-20 at 21:38, B. W. Fitzpatrick wrote:

> So I look inside of apr_uuid_format. Basically it does an sprintf of
> uuid->data into uuid_buf. I checked... it's doing sprintf'ing 36
> bytes, and we've allocated 36 bytes, so all should be OK.
>
> And now, finally my questions:

> 1. Doesn't sprintf throw an \0 onto the end of the string [...]

Yes.

> 2. Shouldn't we allocate uuid_buf as [APR_UUID_FORMATTED_LENGTH +1] ?

Yes. Look, ma, I've stack-smashed myself!

> 3. Why doesn't this blow up on other platforms? Why oh why oh why?

My guess is that "other platforms" are just about all little-endian (in
fact, just about all x86, and probably just about all compiled with gcc
and the same bunch of compiler options), and you're getting lucky with
your stack alignment such that the low-order byte of the address of
uuid_buf happens to be zero. If it gets scribbled on by another zero
byte, no apparent problemo.

This looks like a misinterpretation of the meaning of
APR_UUID_FORMATTED_LENGTH by whoever wrote create_activity.

application/pgp-signature attachment: stored

Received on Sat Oct 21 14:36:49 2006

This message: [ Message body ]
Next message: Paul Smith: "Re: "Damn the license, full speed ahead!""
Previous message: B. W. Fitzpatrick: "Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look."
In reply to: B. W. Fitzpatrick: "Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look."
Next in thread: Greg Stein: "Re: Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look."
Reply: Greg Stein: "Re: Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]