Defect Report #428


Submitter: Douglas Walls
Submission Date: 2013-02-11
Source: WG 14
Reference Document: N1672
Version: 1.1
Date: October 2013
Subject: runtime-constraint issue with sprintf family of routines in Annex K

Summary

snprintf_s  (Annex K.3.5.3.5)

In the "Runtime-constraints" section, the first sentence of K.3.5.3.5p2 says:

"Neither s nor format shall be a null pointer. n shall neither equal
zero nor be greater than RSIZE_MAX."

So,
    if (n == 0 || n > RSIZE_MAX)
        /* runtime constraints violation */

This is clear. However the next paragraph K.3.5.3.5p3, says this about "s":

"If there is a runtime-constraint violation, then if s is not a null
pointer and n is greater than zero and less than RSIZE_MAX, then the
snprintf_s function sets s[0] to the null character."

So, it takes action when (n < RSIZE_MAX):

    if (s != NULL && n > 0 && n < RSIZE_MAX)
        s[0] = '\0';

The question here is, what if n equals RSIZE_MAX? Should we still reset
s[0]?

If I were to say this looks like a typo, would WG14 agree with me?

That is, the text of K.3.5.3.5p3 should be:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  snprintf_s function sets s[0] to the null character.

This issue applies to all the sprintf family of routines in Annex K.

Suggested Technical Corrigendum

snprintf_s
Replace K.3.5.3.5p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  snprintf_s function sets s[0] to the null character.

sprintf_s
Replace K.3.5.3.6p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  sprintf_s function sets s[0] to the null character.

vsnprintf_s
Replace K.3.5.3.12p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsnprintf_s function sets s[0] to the null character.

vsprintf_s
Replace K.3.5.3.13p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsprintf_s function sets s[0] to the null character.


Apr 2013 meeting

Committee Discussion

Oct 2013 meeting

Committee Discussion

Proposed Technical Corrigendum

snprintf_s
Replace K.3.5.3.5p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  snprintf_s function sets s[0] to the null character.

sprintf_s
Replace K.3.5.3.6p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  sprintf_s function sets s[0] to the null character.

vsnprintf_s
Replace K.3.5.3.12p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsnprintf_s function sets s[0] to the null character.

vsprintf_s
Replace K.3.5.3.13p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsprintf_s function sets s[0] to the null character.
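
The boundary case this report raises, as an added example that is not part of the defect report or of any Annex K implementation: a small C model of the K.3.5.3.5p2 check and of both wordings of p3. MODEL_RSIZE_MAX, the enum and the function names are assumptions made for the illustration; a null format is used to force the violation, so a caller that ignores the error and reads the buffer as a string would see the stale bytes wherever s[0] is not reset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for RSIZE_MAX, small enough that a buffer of exactly
   that size can exist; the real value is implementation-defined. */
#define MODEL_RSIZE_MAX 16u

enum wording { WORDING_ORIGINAL, WORDING_PROPOSED };

/* K.3.5.3.5p2, first sentence: constraints on s, format and n. */
static int violates_p2(const char *s, size_t n, const char *format)
{
    return s == NULL || format == NULL || n == 0 || n > MODEL_RSIZE_MAX;
}

/* K.3.5.3.5p3: on a violation, is s[0] set to the null character? */
static int p3_resets(enum wording w, const char *s, size_t n)
{
    if (s == NULL || n == 0)
        return 0;
    return w == WORDING_ORIGINAL ? n < MODEL_RSIZE_MAX    /* "less than" */
                                 : n <= MODEL_RSIZE_MAX;  /* "not greater than" */
}

/* Hypothetical helper: fill a buffer with stale bytes, take the violation
   path with format == NULL and the given n, and return the resulting s[0]. */
char first_byte_after_violation(enum wording w, size_t n)
{
    char buf[MODEL_RSIZE_MAX];
    const char *format = NULL;          /* forces a p2 violation for any n */

    memset(buf, 'S', sizeof buf);       /* stale, unterminated contents */
    if (violates_p2(buf, n, format) && p3_resets(w, buf, n))
        buf[0] = '\0';
    return buf[0];
}

int main(void)
{
    size_t sizes[] = { MODEL_RSIZE_MAX - 1, MODEL_RSIZE_MAX, MODEL_RSIZE_MAX + 1 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%zu original:%s proposed:%s\n", sizes[i],
               first_byte_after_violation(WORDING_ORIGINAL, sizes[i]) ? "stale" : "reset",
               first_byte_after_violation(WORDING_PROPOSED, sizes[i]) ? "stale" : "reset");
    return 0;
}
```

Only n equal to the limit separates the two wordings: below it both reset s[0], and above it or at zero neither does.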
