#915 Buffer overflow in tmpnam on mingw clang64 (msys2)

v1.0 (example)
open
nobody
None
5
2021-08-27
2021-08-27
Dark-bart
No

In the following code I get a buffer overflow on mingw32 clang MSYS2:

#include <stdio.h>
#include <string.h>
int main() {
    char buf[L_tmpnam];
    printf("%d L_tmpnam\n", (int)L_tmpnam);
    if(tmpnam(buf) == NULL)
        return 0;
    printf("%d %s\n", (int)strlen(buf), buf);
    return 0;
}

This is the output on MSYS2 MINGW64 (which is correct):

user@DESKTOP-JV760I2 MINGW64 ~
$ gcc test.c -o test && ./test
14 L_tmpnam
6 \s568.

This is the output on MSYS2 CLANG64 (which is wrong):

user@DESKTOP-JV760I2 CLANG64 ~
$ gcc test.c -o test && ./test
14 L_tmpnam
20 C:\msys64\tmp\s1fs.0

Notice that the buf length is greater than its size.
This is leading to crashes in programs in which I use tmpnam; it looks like the L_tmpnam value is wrong on MinGW with Clang.
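
A defensive wrapper for the situation reported above, as an added example that is not part of the original ticket or of mingw-w64. The helper name `bounded_tmpnam` is hypothetical, and the code assumes that the C library's internal buffer used by `tmpnam(NULL)` is large enough for the name it generates and that `FILENAME_MAX` is a sufficient size for the caller's buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the ticket or mingw-w64): obtain a
 * temporary name without trusting L_tmpnam as the upper bound.
 * tmpnam(NULL) leaves its result in the C library's own static object,
 * so the caller's buffer is only written after the length is checked.
 * Returns 0 on success, -1 if no name was generated or it does not fit. */
int bounded_tmpnam(char *dst, size_t dstsz)
{
    const char *name;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';

    name = tmpnam(NULL);          /* library-owned storage, not thread-safe */
    if (name == NULL)
        return -1;

    len = strlen(name);
    if (len + 1 > dstsz)          /* +1 for the terminating NUL */
        return -1;                /* refuse instead of overflowing dst */

    memcpy(dst, name, len + 1);
    return 0;
}

int main(void)
{
    char small[L_tmpnam];         /* the size the ticket's program used */
    char large[FILENAME_MAX];     /* assumption: large enough for a full path */

    printf("L_tmpnam = %d\n", (int)L_tmpnam);
    if (bounded_tmpnam(small, sizeof small) != 0)
        printf("generated name does not fit in L_tmpnam bytes\n");
    if (bounded_tmpnam(large, sizeof large) == 0)
        printf("%d %s\n", (int)strlen(large), large);
    return 0;
}
```

On a runtime showing the behaviour in the ticket, the first call reports that the name does not fit instead of writing past the end of the `L_tmpnam`-sized array.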
