This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
B19: tempnam memory allocation bug
- To: gnu-win32 at cygnus dot com
- Subject: B19: tempnam memory allocation bug
- From: Todd Massey <massey at surefirev dot com>
- Date: Thu, 15 Oct 1998 09:32:17 -0700
Found in newlib/libc/stdio/tmpnam.c
The problem exists in the following line:
length = strlen (dir) + strlen (pfx) + 10 + 1;
It seems that the assumption was made that there are 2 integers of size 4
bytes
each being used in the tempnam, thus.
10 = 4 (first integer) + 4 (second integer) + 1 ('_') + 1 ('.')
The problem is that when you print an integer out as hex in a character string
it is actually every character represents 4 bits of the integer, thus 8 bytes
per integer are used. Thus it should be
18 = 8 (first integer) + 8 (second integer) + 1 ('_') + 1 ('.')
So the line should be:
length = strlen (dir) + strlen (pfx) + 18 + 1;
char *
_DEFUN (_tempnam_r, (p, dir, pfx),
struct _reent *p _AND
char *dir _AND
char *pfx)
{
char *filename;
int length;
if (dir == NULL && (dir = getenv ("TMPDIR")) == NULL)
dir = P_tmpdir;
length = strlen (dir) + strlen (pfx) + 10 + 1; /* two 8 digit
numbers + . / */
filename = _malloc_r (p, length);
if (filename)
{
if (! worker (p, filename, dir, pfx,
_getpid_r (p) ^ (int) (_POINTER_INT) p, &p->_inc))
return NULL;
}
return filename;
}
/\ Todd Massey <massey@surefirev.com>
/\// SureFire Verification Inc. <http://www.surefirev.com>
/\///\ 1671 Dell Ave, Campbell, CA 95008 -- 408-374-4100 x102
_\///\/ Formerly Silicon Sorcery
\//\/ Check out the Scuba Divers Review Site
\/ ----> www.scuba-divers.com
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".