#590 gcvt used despite not configured for NetBSD

v4.0
closed
5
2012-08-14
2009-03-22
Mike Protts
No

Using svn main trunk.

In interpreter/classes/StringClass.cpp, there is a call to gcvt for method:
RexxString *RexxString::newString(double number, stringsize_t precision)

The configure script has generated config.h with:
/* Define to 1 if you have the `gcvt' function. */
/* #undef HAVE_GCVT */

but this is not checked in the code. I put in a quick hack, but I suspect there is already a standard way to do this, although I've not found it yet.

"interpreter/classes/StringClass.cpp" line 2001 of 2107

RexxString *RexxString::newString(double number, stringsize_t precision)
{
    if (number == 0)                     /* zero result? */
    {
        return new_string("0");
    }
    else
    {
        char buffer[64];
        // format as a string
        //---->> REMOVED //gcvt(number, (int)precision, buffer);
        // ----->> quick hack follows
        // bound the write by the buffer size; %.*g takes the precision as an
        // int argument and formats a double
        snprintf(buffer, sizeof(buffer), "%.*g", (int)precision, number);
        // measure the string only after it has been written
        size_t len = strlen(buffer);
        // ----->> end of quick hack
        // if the last character is a decimal, we remove that
        if (buffer[len - 1] == '.')

Discussion

  • Mike Protts

    Mike Protts - 2009-03-22

    (updated as it's NetBSD, not FreeBSD)
    $ uname -a
    NetBSD iceland 4.0.1_PATCH NetBSD 4.0.1_PATCH (sdf) #0: Sun Mar 15 05:42:39 UTC 2009 smj@iceland:/var/src/src/sys/arch/alpha/compile/sdf alpha

     
  • Mike Protts

    Mike Protts - 2009-04-01

    I've uploaded a patch for this, as it seems to work Ok.

    Mike

     
  • Mark Miesfeld

    Mark Miesfeld - 2009-04-01

    Mike,

    Your patch won't work because Windows doesn't have snprintf (it's defined as _snprintf.)

    I am admittedly a little weak in portable code, but a quick Google search seems to indicate that NetBSD has gcvt().

    http://www.softwareplug.com/NetBSD/man/gcvt/3

    Maybe you need to fix the configure script? Maybe the wrong headers are used on NetBSD to pull in gcvt()?

     
  • Rick McGuire

    Rick McGuire - 2009-04-01

    Interesting. This link suggests that gcvt() has been removed from the Posix spec and sprintf() is the recommended replacement.

    http://www.kernel.org/doc/man-pages/online/pages/man3/gcvt.3.html

    We can use Mike's patch if we use sprintf rather than snprintf.

     
  • Mike Protts

    Mike Protts - 2009-04-01

    I couldn't find gcvt, but as the config.h setting seems correct, I used an #ifdef HAVE_GCVT, so should be Ok on any platform.

    Mike

     
  • Rick McGuire

    Rick McGuire - 2009-04-01

    My preference for this portable code is to have absolutely minimal conditional compilation, so a solution that doesn't use that is preferred.

     
  • Mark Miesfeld

    Mark Miesfeld - 2009-04-01

    "Interesting. This link suggests that gcvt() has been removed from the
    Posix spec and sprintf() is the recommended replacement."

    I also saw that gcvt is deprecated. We could also use snprintf() if somewhere in the Windows specific headers we defined snprintf to be _snprintf().

    sprintf() would be easy if this is a place we couldn't get a buffer overflow (I didn't look that closely.)

     
  • Mike Protts

    Mike Protts - 2009-04-01

    There is a similar issue with setenv (which is not available for Solaris). In that case I was thinking of adding a setenv function that uses putenv. Would a similar approach make sense here? If so where would these belong?

    Cheers
    Mike

     
  • Rick McGuire

    Rick McGuire - 2009-04-01

    We're no more at risk for a buffer overflow with sprintf() than we were with gcvt(). The maximum size is a well known quantity, so we're in good shape.

     
  • Mark Miesfeld

    Mark Miesfeld - 2009-04-01

    Committed revision 4333.

     
  • Mark Miesfeld

    Mark Miesfeld - 2010-02-19

    The fix for this item was in the 4.0.0 release.
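
The buffer-size question raised in this thread, worked through as an added example; this is not ooRexx code and not the committed fix. The names `max_g_chars`, `buffer_fits` and `format_double` are hypothetical, and it assumes `%.*g` is the printf conversion that matches gcvt's output style.

```cpp
#include <cfloat>
#include <cstddef>
#include <cstdio>

// Longest output "%.*g" can produce for a finite double, not counting the NUL:
// sign, first digit, '.', (p - 1) more digits, 'e', exponent sign, 3 exponent digits.
// The fixed-notation branch of %g (exponents -4 .. p-1) is never longer.
static size_t max_g_chars(int precision)
{
    size_t p = precision < 1 ? 1 : (size_t)precision;  // %g treats 0 as 1
    return p + 7;
}

// True when a buffer of `size` bytes can hold any finite double at this precision.
static bool buffer_fits(size_t size, int precision)
{
    return precision >= 0 && max_g_chars(precision) + 1 <= size;
}

// Bounded stand-in for gcvt(number, precision, buf) (assumption: "%.*g" is the
// matching printf conversion). Returns the string length, or -1 on a negative
// precision, an encoding error, or truncation; buf is then the empty string.
// snprintf always NUL-terminates; the older MSVC _snprintf mentioned in the
// thread does not when the output is truncated, so it needs its own wrapper.
static int format_double(char *buf, size_t size, double number, int precision)
{
    if (buf == nullptr || size == 0)
        return -1;
    buf[0] = '\0';
    if (precision < 0)
        return -1;
    int n = std::snprintf(buf, size, "%.*g", precision, number);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

int main()
{
    char buffer[64];  // same size as the buffer in StringClass.cpp
    int n = format_double(buffer, sizeof buffer, -DBL_MIN, 17);
    std::printf("%s (%d chars, bound %zu)\n", buffer, n, max_g_chars(17));
    std::printf("64 bytes enough for precision 56: %d, 57: %d\n",
                buffer_fits(sizeof buffer, 56), buffer_fits(sizeof buffer, 57));
    return 0;
}
```

With an unchecked sprintf the same bound has to be guaranteed by the caller: a 64-byte buffer is sufficient as long as the precision passed in never exceeds 56.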

     

