Re: Double free error using sprintf in threaded app
- Subject: Re: Double free error using sprintf in threaded app
- From: Rush Manbert <email@hidden>
- Date: Wed, 15 Apr 2009 14:43:42 -0700
On Apr 15, 2009, at 1:39 PM, Greg Guerin wrote:
> Rush Manbert wrote:
>> char port[sizeof("65536")];
>> sprintf(port, "%d", m_serverPort);
> This seems prone to buffer overflow if the value of m_serverPort is
> not adequately constrained.
> Try the experiment again calling snprintf() instead of sprintf(),
> and see if it changes anything.
You're correct about limiting the value of m_serverPort. The original
code limits it to 65535 and my test code uses the hardcoded value
9090, so buffer overflow is not the issue.
In fact, I originally couldn't get the error to happen in my test
until I added the other sprintf calls that used different buffer
sizes. I think that's required somehow. The original library code uses
sprintf into buffers located on the stack to format output, and those
buffers are not sizeof("65536") long. I suspect that the underlying
locale code is shuffling buffers under the hood and has some bug.
I'm hoping that one of the Apple guys will take an interest in this
and say whether it looks like a bug in the C runtime, or whether I
just shouldn't be doing this in threaded code.
> Googling the keywords 'sprintf thread safe' suggests relying on
> sprintf or its relatives to always be thread-safe might be a
> portability risk.
My Google searches suggest that sprintf is known to be thread safe on
certain systems, but I couldn't find anything definitive.
The real question for me is this. What is a thread-safe alternative?
Composition using ostringstream?
- Rush
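
Added example, not part of the original message or of the library discussed in it: a port formatter that does its own digit conversion into a caller-supplied buffer, so it uses no shared state and never enters stdio or locale code, next to an snprintf() variant that detects truncation from the return value. The names format_port and format_port_snprintf are hypothetical; the 0..65535 range is the limit the message says the original code enforces.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): write `port` as decimal into
 * out[0..cap). Returns the number of characters written, or -1 if the value
 * is outside 0..65535 or the buffer is too small. It reads and writes only
 * its arguments and locals, and calls no library routine. */
int format_port(long port, char *out, size_t cap)
{
    char tmp[5];                /* 65535 has at most 5 digits */
    size_t n = 0;

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';              /* leave a valid empty string on failure */
    if (port < 0 || port > 65535)
        return -1;

    do {                        /* digits come out least significant first */
        tmp[n++] = (char)('0' + port % 10);
        port /= 10;
    } while (port != 0);

    if (n + 1 > cap)            /* digits plus terminating NUL must fit */
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = tmp[n - 1 - i];
    out[n] = '\0';
    return (int)n;
}

/* snprintf variant, as suggested in the quoted reply: an oversized value is
 * truncated to fit the buffer and reported, instead of overflowing it. */
int format_port_snprintf(int port, char *out, size_t cap)
{
    int n = snprintf(out, cap, "%d", port);
    if (n < 0 || (size_t)n >= cap)
        return -1;              /* encoding error or output was truncated */
    return n;
}

int main(void)
{
    char port[sizeof("65535")]; /* 6 bytes: five digits plus NUL */
    if (format_port(9090, port, sizeof port) > 0)
        puts(port);
    return 0;
}
```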