#813 ./src/main.c Overlapping data buffer 'dirbuildup'

Bill Egert

Using curl 7.19.4

"If copying takes place between objects that overlap as a result of a call to
sprintf() or snprintf(), the results are undefined."

E.g. on line 5290 you have:
sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir);

cppcheck 1.29 (https://sourceforge.net/projects/cppcheck/) yeilds:
[./src/main.c:5290]: (error) Overlapping data buffer dirbuildup


  • Daniel Stenberg

    Daniel Stenberg - 2009-03-07
    • labels: --> client module
    • assigned_to: nobody --> bagder
    • status: open --> open-works-for-me
  • Daniel Stenberg

    Daniel Stenberg - 2009-03-07

    This reports assume that we're using a sprintf() implementation anywhere where this might be a problem.

    However, curl uses the curlx_ printf setup from libcurl's source code base so we can in fact know that we use the same implementation on all platforms and thus I can't see how this is an actual bug in curl atm. Can you?

    We should most likely change this code anyway to make it more obvious and less relying on obscure features.

  • Bill Egert

    Bill Egert - 2009-03-08

    I guess I agree then, I was not aware that curl had its own implementation of sprintf().

    Also agree that it would be nice to change the code as to avoid possible copies of this bug report :P

  • Daniel Stenberg

    Daniel Stenberg - 2009-03-08
    • status: open-works-for-me --> closed-works-for-me
  • Daniel Stenberg

    Daniel Stenberg - 2009-03-08

    Thanks for pointing this out. I've now modified the code to not rely on this feature. Case closed!


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks