dominik.holler - 2007-04-05

Hi,
I noticed incorrect behavior in TinyXML.
It occurs at least in
void TiXmlElement::SetDoubleAttribute( const char * name, double val )
If this method is invoked with a large val, the buffer "buf[256]" is too small, and the return value of TIXML_SNPRINTF(...) is not checked, so the failed or truncated write goes undetected.

See the attached file for a better explanation ;-)

Another question:
  I do not understand why _snprintf_s(...) can be called like that at the top; its declarations are:

  int _snprintf_s(
     char *buffer,
     size_t sizeOfBuffer,
     size_t count,
     const char *format [,
        argument] ...
  );

  template <size_t size>
  int _snprintf_s(
     char (&buffer)[size],
     size_t count,
     const char *format [,
        argument] ...
  ); // C++ only

------------------------------------------------------------------------------------

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <limits>
//#include "include/tinyxml.h"

// Select the bounded printf/scanf variant for the detected compiler.
// The three printf variants do NOT share truncation semantics, so a caller
// cannot rely on the buffer alone and must inspect the return value.
// If no branch matches, TIXML_SNPRINTF stays undefined and main() below
// does not compile.
#if defined(_MSC_VER) && (_MSC_VER >= 1400 )
    // Microsoft Visual Studio, version 2005 and higher.
    // With a char array as first argument, the call shape used in main()
    // (buffer, sizeof(buffer), format, ...) resolves to the C++-only
    // array-reference template overload, so sizeof(buffer) is taken as
    // `count`. NOTE(review): on oversized output this variant reports
    // failure with a negative return rather than a "needed length";
    // confirm the exact behavior against the CRT documentation.
    #define TIXML_SNPRINTF _snprintf_s
    #define TIXML_SNSCANF  _snscanf_s
#elif defined(_MSC_VER) && (_MSC_VER >= 1200 )
    // Microsoft Visual Studio, version 6 and higher.
    // _snprintf does not write a terminating NUL when the output fills the
    // buffer and returns a negative value on truncation, so the buffer must
    // be terminated explicitly before it is used as a C string.
    //#pragma message( "Using _sn* functions." )
    #define TIXML_SNPRINTF _snprintf
    #define TIXML_SNSCANF  _snscanf
#elif defined(__GNUC__) && (__GNUC__ >= 3 )
    // GCC version 3 and higher.
    // C99 snprintf always terminates a non-empty buffer and returns the
    // length the full output would have had; a result >= the buffer size
    // means the output was truncated.
    // NOTE(review): snscanf is not a standard C library function; the macro
    // is unused in this program, so it never gets expanded here.
    //#warning( "Using sn* functions." )
    #define TIXML_SNPRINTF snprintf
    #define TIXML_SNSCANF  snscanf
#endif

// Instance used only to reach numeric_limits<double>::max() in main().
std::numeric_limits<double> limit;

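// Reproduces the TinyXML SetDoubleAttribute() problem: formatting a very
// large double with "%f" into a 256-byte buffer and ignoring the result of
// TIXML_SNPRINTF. Prints the return value, the length of what actually
// landed in the buffer, the buffer itself, and whether the write was
// truncated or failed. Always returns EXIT_SUCCESS; this is a demo.
int main()
{
  // For an IEEE-754 double, the largest finite value printed with "%f" is
  // 309 integer digits + '.' + 6 decimals = 316 characters plus the NUL.
  double val = limit.max();
#define BUG
#ifdef BUG
  char buf[256];  // size used by TinyXML: too small for the value above
#else
  char buf[318];  // large enough for the full output
#endif // BUG
  int return_value = TIXML_SNPRINTF( buf, sizeof(buf), "%f", val );

  // _snprintf (MSVC 6 branch) leaves the buffer unterminated on truncation,
  // so terminate it here; otherwise strlen() and "%s" below would read past
  // the end of buf. For the other variants this store is harmless.
  buf[sizeof(buf) - 1] = '\0';

  // This is the check the report says is missing: a negative result
  // (MSVC variants) or a result >= the buffer size (C99 snprintf) both mean
  // buf does not hold the complete formatted value.
  const bool truncated =
      return_value < 0 ||
      static_cast<unsigned long>(return_value) >= sizeof(buf);

  // buf holds at most sizeof(buf) - 1 characters, so the length fits an int.
  int str_len = static_cast<int>(strlen(buf));

  printf("return_value:\t%d\n" , return_value);
  printf("str_len:\t%d\n"      , str_len);
  printf("buf:\t%s\n"          , buf);
  printf("truncated:\t%s\n"    , truncated ? "yes" : "no");
  return EXIT_SUCCESS;
}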