[cfe-dev] [libcxx][windows]
Howard Hinnant
hhinnant at apple.com
Sun Oct 28 11:11:01 PDT 2012
I received the following suggestions concerning src/support/win32/support.cpp. Could someone with a stake in libcxx on Windows take a look at this and make a recommendation? Thanks.
------------
The nature of the fixes means it certainly wont make things worse, though I imagine the whole file will get deleted eventually.
The first bug is on line 33 of support.cpp. See the comment.
int vasprintf( char **sptr, const char *__restrict fmt, va_list ap )
{
*sptr = NULL;
int count = vsnprintf( *sptr, 0, fmt, ap );
if( (count >= 0) && ((*sptr = (char*)malloc(count+1)) != NULL) )
{
vsprintf( *sptr, fmt, ap );
/// -- The line below is wrong and needs to be removed as I've done here.
/// spr[count] refers to a pointer not a character and vsprintf will null terminate anyway.
/// Left in, it will scribble over random memory quite a ways from the source.
//sptr[count] = '\0'; // <--- WRONG
}
return count;
}
The second bug is on line 60 of support.cpp: I've no idea about the code in general, but the new should be +1. see the comment.
size_t wcsnrtombs( char *__restrict dst, const wchar_t **__restrict src,
size_t nwc, size_t len, mbstate_t *__restrict ps )
{
// <---- The line below should be nwc+1.
wchar_t* local_src = new wchar_t[nwc];
wchar_t* nwcsrc = local_src;
wcsncpy(nwcsrc, *src, nwc);
// <----- The line below is fine buy definite overwrite here without adding +1 above.
nwcsrc[nwc] = '\0';
const size_t result = wcsrtombs( dst, const_cast<const wchar_t **>(&nwcsrc), len, ps );
// propogate error
if( nwcsrc == NULL )
*src = NULL;
delete[] nwcsrc;
return result;
}
------------
Howard
More information about the cfe-dev
mailing list