Bug#348117: marked as done (Buffer overflow in example code c++/demo.cc)



Your message dated Sat, 29 Aug 2009 14:09:23 -0400
with message-id <20090829180923.GA18388@invisible-island.net>
and subject line re: #348117 Buffer overflow in example code c++/demo.cc
has caused the Debian Bug report #348117,
regarding Buffer overflow in example code c++/demo.cc
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
348117: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348117
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: g++-4.0
Version: 4.0.2-5
Severity: important


Retesting ncurses c++ demo, I get an exception in code which hasn't
changed for several months and which has no apparent error (checked
with valgrind).  This function

void TestApplication::init_labels(Soft_Label_Key_Set& S) const
{ 
  for(int i=1; i <= S.labels(); i++) {
    char buf[5];
    ::sprintf(buf,"Key%02d",i);
    S[i] = buf;                                      // Text 
    S[i] = Soft_Label_Key_Set::Soft_Label_Key::Left; // Justification 
  }
}

is raising an exception in the [] operator for S, which claims that
the index i is zero.  So it dies on the "Text" line.  The buf variable
contains "Key01", so the index was correct on the previous line.
valgrind can only tell me that the program raised an exception -
which is not the cause of the problem in this case.  Here's what
gdb shows me:

(gdb) break demo.cc:504
Breakpoint 1 at 0x804b724: file ../c++/demo.cc, line 504.
(gdb) run
Starting program: /usr/build/ncurses/ncurses-5.5-20060114/c++/demo

Breakpoint 1, TestApplication::init_labels (this=0x805cdac, S=@0x805cec0)
    at ../c++/demo.cc:504
504         ::sprintf(buf,"Key%02d",i);
(gdb) print i
$1 = 1
(gdb) next
505         S[i] = buf;                                      // Text
(gdb) print i
$2 = 0
(gdb) 

I checked this against ncurses 5.5, just in case there was some
recent change of mine that I should debug - it has the same
problem.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-td2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages g++-4.0 depends on:
ii  gcc-4.0                       4.0.2-5    The GNU C compiler
ii  gcc-4.0-base                  4.0.2-5    The GNU Compiler Collection (base 
ii  libc6                         2.3.5-8    GNU C Library: Shared libraries an
ii  libstdc++6-4.0-dev            4.0.2-5    The GNU Standard C++ Library v3 (d

g++-4.0 recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
This was fixed in the ncurses 20060121 patch.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

--- End Message ---
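
Added example (not part of the original messages and not the ncurses fix): "Key%02d" produces five characters plus a terminating NUL, six bytes in all, one more than buf[5] holds. The sketch below models an assumed frame layout in which a little-endian 32-bit i sits directly after buf, which reproduces the 1 -> 0 change seen in the gdb session, and shows a bounded call that reports truncation. The function names and the layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>

// Bytes "Key%02d" needs for label i, including the terminating NUL.
int label_bytes_needed(int i) {
    return std::snprintf(nullptr, 0, "Key%02d", i) + 1;
}

// Model of an ASSUMED frame layout: buf[5] at offset 0 and a little-endian
// 32-bit i immediately after it at offset 5. Formatting happens inside a
// 16-byte scratch array, so this example never writes out of bounds itself.
int modelled_i_after_sprintf(int i) {
    const unsigned BUF_SIZE = 5;                  // size of buf in demo.cc
    unsigned char frame[16] = {0};
    for (unsigned b = 0; b < 4; b++)              // place i right after buf
        frame[BUF_SIZE + b] = (unsigned char)((unsigned)i >> (8 * b));
    // Same format string as demo.cc; the NUL lands on offset 5 for i < 100.
    std::snprintf(reinterpret_cast<char*>(frame), sizeof frame, "Key%02d", i);
    unsigned v = 0;
    for (unsigned b = 0; b < 4; b++)              // read i back
        v |= (unsigned)frame[BUF_SIZE + b] << (8 * b);
    return (int)v;
}

// Bounded formatting: true only if the whole label, NUL included, fit.
bool format_label(char* dst, std::size_t size, int i) {
    int n = std::snprintf(dst, size, "Key%02d", i);
    return n >= 0 && (std::size_t)n < size;
}

int main() {
    std::printf("bytes needed for i=1: %d\n", label_bytes_needed(1));
    std::printf("modelled i after the write: %d\n", modelled_i_after_sprintf(1));
    char small[5], big[6];
    std::printf("fits in 5: %d, fits in 6: %d\n",
                format_label(small, sizeof small, 1),
                format_label(big, sizeof big, 1));
    return 0;
}
```
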