
Re: Possible bug in libsvn_ra_dav/commit.c? Any sprintf gurus please look.

From: Bryan O'Sullivan <bos_at_serpentine.com>
Date: 2001-11-21 07:17:35 CET

On Tue, 2001-11-20 at 21:38, B. W. Fitzpatrick wrote:

> So I look inside of apr_uuid_format. Basically it does an sprintf of
> uuid->data into uuid_buf. I checked... it's sprintf'ing 36
> bytes, and we've allocated 36 bytes, so all should be OK.
> And now, finally my questions:

> 1. Doesn't sprintf throw an \0 onto the end of the string [...]


> 2. Shouldn't we allocate uuid_buf as [APR_UUID_FORMATTED_LENGTH +1] ?

Yes. Look, ma, I've stack-smashed myself!

> 3. Why doesn't this blow up on other platforms? Why oh why oh why?

My guess is that "other platforms" are just about all little-endian (in
fact, just about all x86, and probably just about all compiled with gcc
and the same bunch of compiler options), and you're getting lucky with
your stack alignment such that the low-order byte of the address of
uuid_buf happens to be zero. If it gets scribbled on by another zero
byte, no apparent problemo.

This looks like a misinterpretation of the meaning of
APR_UUID_FORMATTED_LENGTH by whoever wrote create_activity.


Received on Sat Oct 21 14:36:49 2006
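
The off-by-one discussed in this thread, as an added example that is not part of the original mail and is not APR or Subversion code: it formats a UUID with a bounded `snprintf`, rejects a 36-byte buffer, and shows that the terminating NUL lands at offset 36. `UUID_FORMATTED_LENGTH`, `format_uuid`, `terminator_offset` and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for APR_UUID_FORMATTED_LENGTH: visible characters only, no NUL. */
#define UUID_FORMATTED_LENGTH 36

/* Constructed sample UUID bytes. */
static const unsigned char sample_uuid[16] = {
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
};

/* Hypothetical helper (not apr_uuid_format): writes the 8-4-4-4-12 hex form.
 * Returns 0 on success, -1 if buf cannot hold the text plus its NUL.
 * snprintf never writes more than buflen bytes, so a short buffer is
 * truncated and reported instead of overrun. */
static int format_uuid(char *buf, size_t buflen, const unsigned char d[16])
{
    int n = snprintf(buf, buflen,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
        "%02x%02x%02x%02x%02x%02x",
        d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
        d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
    /* n is the length that was needed, not counting the NUL. */
    return (n == UUID_FORMATTED_LENGTH && (size_t)n < buflen) ? 0 : -1;
}

/* Pre-fills a correctly sized region with a sentinel, formats into it, and
 * returns the offset of the first NUL: the byte a 36-byte buffer lacks. */
static int terminator_offset(const unsigned char d[16])
{
    char region[UUID_FORMATTED_LENGTH + 1];
    memset(region, 0x55, sizeof region);   /* 'U' never occurs in the output */
    if (format_uuid(region, sizeof region, d) != 0)
        return -1;
    for (int i = 0; i < (int)sizeof region; i++)
        if (region[i] == '\0')
            return i;
    return -1;
}

int main(void)
{
    char too_small[UUID_FORMATTED_LENGTH];      /* the size questioned above */
    char right[UUID_FORMATTED_LENGTH + 1];      /* room for the NUL */
    printf("36-byte buffer: %d\n", format_uuid(too_small, sizeof too_small, sample_uuid));
    printf("37-byte buffer: %d (%s)\n", format_uuid(right, sizeof right, sample_uuid), right);
    printf("NUL written at offset %d\n", terminator_offset(sample_uuid));
    return 0;
}
```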

This is an archived mail posted to the Subversion Dev mailing list.