tmpnam_s clears s[0] when maxsize > RSIZE_MAXThis issue has been automatically converted from the original issue lists and some formatting may not have been preserved.
Authors: WG 14, Martin Sebor
Date: 2013-09-02
Reference document: N1752
Submitted against: C11 / C17
Status: Fixed
Fixed in: C17
Converted from: n2396.htm
The majority of bounds checking functions are specified to set the first element of the destination buffer,
s[0], to the NUL character when a constraint violation occurs and thespointer is non-null and the size of the buffer is greater than zero and less than or equal toSIZE_MAX.However, the
tmpnam_sfunction setss[0]to NUL even whenmaxsizeis greater thanRSIZE_MAX, making its behavior on constraint violation inconsistent with the rest.
Change paragraph 8 in the Returns section of tmpnam_s to read:
- If no suitable string can be generated, or if there is a runtime-constraint violation and
sis not null andmaxsizeis greater than zero and not greater thanRSIZE_MAX, thetmpnam_sfunction setss[0]to the null character and returns a nonzero value.
Comment from WG14 on 2017-11-03:
Oct 2013 meeting
The committee agrees with the issue, and requests that the suggested technical corrigendum be broken into more parts for both clarity and consistency.
Apr 2014 meeting
The committee did not receive revised words and will again solicit them from the author.
Oct 2014 meeting
The paper N1873 was provided and discussed, and after several revisions the following proposal were approved.
Change K.3.5.1.2 paragraph 8 (the Returns section of tmpnam_s) from:
If no suitable string can be generated, or if there is a runtime-constraint violation, the
tmpnam_sfunction writes a null character tos[0](only ifsis not null andmaxsizeis greater than zero) and returns a nonzero value.
to:
If no suitable string can be generated, or if there is a runtime-constraint violation, the
tmpnam_sfunction:
- if
sis not null andmaxsizeis both greater than zero and not greater thanRSIZE_MAX, writes a null character tos[0]- returns a nonzero value.