Bug#416928: marked as done (libc6: off-by-one bug in strxfrm())
Your message dated Wed, 25 Apr 2007 01:04:36 +0200
with message-id <20070424230436.GA20118@volta.aurel32.net>
and subject line libc6: off-by-one bug in strxfrm()
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: "Debian BTS" <submit@bugs.debian.org>
- Subject: libc6: off-by-one bug in strxfrm()
- From: "Piotr Engelking" <inkerman42@gmail.com>
- Date: Sat, 31 Mar 2007 16:49:13 +0200
- Message-id: <814371d60703310749o71a5bd6eya43afda6cd5ba385@mail.gmail.com>
Package: libc6
Version: 2.3.6.ds1-13
Severity: normal
The result of strxfrm() varies depending on the length of the destination
buffer. In particular, in the pl_PL.UTF8 locale, strxfrm(buf, "a", i)
returns 6 for i <= 6, and 5 for i > 6 (and the string placed in the
destination buffer does, indeed, have the length of 5). This mismatch is
probably unintended. It is also a violation of the C standard, which states:
"The strxfrm function returns the length of the transformed
string (not including the terminating null character)."
Steps to reproduce:
$ cat foo.c
#include <locale.h>
#include <stdio.h>
#include <string.h>
int
main(void)
{
char buf[42];
size_t i;
printf("%s\n", setlocale(LC_COLLATE, "pl_PL.UTF8"));
for (i = 0; i <= 9; ++i)
{
char *p;
memset(buf, '\0', sizeof(buf));
printf("%zd: %zd:", i, strxfrm(buf, "a", i));
for (p = buf; *p; ++p)
printf(" %02x", (int)*p);
printf("\n");
}
return 0;
}
$ gcc foo.c && ./a.out
pl_PL.UTF8
0: 6:
1: 6:
2: 6: 0c 01
3: 6: 0c 01
4: 6: 0c 01 08 01
5: 6: 0c 01 08 01
6: 6: 0c 01 08 01 02 01
7: 5: 0c 01 08 01 02
8: 5: 0c 01 08 01 02
9: 5: 0c 01 08 01 02
$
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=pl_PL.UTF8 (charmap=UTF-8)
Versions of packages libc6 depends on:
ii tzdata 2007b-1 Time Zone and Daylight Saving Time
libc6 recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
- To: 416928-done@bugs.debian.org
- Subject: Re: libc6: off-by-one bug in strxfrm()
- From: Aurelien Jarno <aurelien@aurel32.net>
- Date: Wed, 25 Apr 2007 01:04:36 +0200
- Message-id: <20070424230436.GA20118@volta.aurel32.net>
- In-reply-to: <814371d60703310749o71a5bd6eya43afda6cd5ba385@mail.gmail.com>
- References: <814371d60703310749o71a5bd6eya43afda6cd5ba385@mail.gmail.com>
On Sat, Mar 31, 2007 at 04:49:13PM +0200, Piotr Engelking wrote:
> Package: libc6
> Version: 2.3.6.ds1-13
> Severity: normal
>
> The result of strxfrm() varies depending on the length of the destination
> buffer. In particular, in the pl_PL.UTF8 locale, strxfrm(buf, "a", i)
> returns 6 for i <= 6, and 5 for i > 6 (and the string placed in the
> destination buffer does, indeed, have the length of 5). This mismatch is
> probably unintended. It is also a violation of the C standard, which states:
>
> "The strxfrm function returns the length of the transformed
> string (not including the terminating null character)."
>
>
> Steps to reproduce:
>
> $ cat foo.c
> #include <locale.h>
> #include <stdio.h>
> #include <string.h>
>
> int
> main(void)
> {
> char buf[42];
> size_t i;
>
> printf("%s\n", setlocale(LC_COLLATE, "pl_PL.UTF8"));
>
> for (i = 0; i <= 9; ++i)
> {
> char *p;
>
> memset(buf, '\0', sizeof(buf));
> printf("%zd: %zd:", i, strxfrm(buf, "a", i));
>
> for (p = buf; *p; ++p)
> printf(" %02x", (int)*p);
>
> printf("\n");
> }
>
> return 0;
> }
> $ gcc foo.c && ./a.out
> pl_PL.UTF8
> 0: 6:
> 1: 6:
> 2: 6: 0c 01
> 3: 6: 0c 01
> 4: 6: 0c 01 08 01
> 5: 6: 0c 01 08 01
> 6: 6: 0c 01 08 01 02 01
> 7: 5: 0c 01 08 01 02
> 8: 5: 0c 01 08 01 02
> 9: 5: 0c 01 08 01 02
> $
>
>
I am able to reproduce this bug using a glibc 2.3.6, but not using a
glibc 2.5. I guess the bug has been fixed, so I am closing the bug.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
--- End Message ---
Reply to: