Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#813 ./src/main.c Overlapping data buffer 'dirbuildup'

closed-works-for-me
5
2013-06-21
2009-03-07
Bill Egert
No

Using curl 7.19.4

"If copying takes place between objects that overlap as a result of a call to
sprintf() or snprintf(), the results are undefined."
http://www.opengroup.org/onlinepubs/000095399/functions/printf.html

E.g. on line 5290 you have:
sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir);

cppcheck 1.29 (https://sourceforge.net/projects/cppcheck/) yeilds:
[./src/main.c:5290]: (error) Overlapping data buffer dirbuildup

Discussion

    • labels: --> client module
    • assigned_to: nobody --> bagder
    • status: open --> open-works-for-me
     
  • This reports assume that we're using a sprintf() implementation anywhere where this might be a problem.

    However, curl uses the curlx_ printf setup from libcurl's source code base so we can in fact know that we use the same implementation on all platforms and thus I can't see how this is an actual bug in curl atm. Can you?

    We should most likely change this code anyway to make it more obvious and less relying on obscure features.

     
  • Bill Egert
    Bill Egert
    2009-03-08

    I guess I agree then, I was not aware that curl had its own implementation of sprintf().

    Also agree that it would be nice to change the code as to avoid possible copies of this bug report :P

     
    • status: open-works-for-me --> closed-works-for-me
     
  • Thanks for pointing this out. I've now modified the code to not rely on this feature. Case closed!