Uploaded image for project: 'C++ Standard Library'
  1. C++ Standard Library
  2. STDCXX-989

[EDG C++ 3.9] definition of jmp_buf causes buffer overflow

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.x
    • Fix Version/s: 4.2.x
    • Component/s: 18. Language Support
    • Labels:
      None
    • Environment:

      Linux/EDG C++ 3.9

    • Severity:
      Incorrect Behavior

      Description

      The jmp_buf definition provided in include/ansi/_csetjmp.h is not as large as setjmp() is expecting. This causes a buffer overflow when running tests that use the test driver (rw_test), which results in data corruption. If you run the tests with --trace, you will see that the clause field of the output is always corrupt after the first use.

      The following shows the expected size for us...

      $ cat u.cpp; eccp u.cpp && ./a.out
      #include <setjmp.h>
      #include <stdio.h>
      
      int main ()
      {
          printf ("%u\n", sizeof (jmp_buf));
          return 0;
      }
      156
      

      The definition of jmp_buf in include/rw/_csetjmp.h is a buffer of 8 bytes.

        Attachments

          Activity

            People

            • Assignee:
              sebor Martin Sebor
              Reporter:
              vitek Travis Vitek
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1h
                1h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h