Document: N1712
Date: 2013-02-11


Defect Report #4nn



Submitter: Douglas Walls
Submission Date: 2013-05-12
Source: WG14
Reference Document: N1672, N1712
Version: 2.0
Date:
Subject: runtime-constraint issue with sprintf family of routines in Annex K (ver 2)

Summary

snprintf_s  (Annex K.3.5.3.5)

In the "Runtime-constraints" section, the first sentence of K.3.5.3.5p2 says:

"Neither s nor format shall be a null pointer. n shall neither equal
zero nor be greater than RSIZE_MAX."

So,
    if (n == 0 || n > RSIZE_MAX)
        /* runtime constraints violation */

This is clear. However the next paragraph K.3.5.3.5p3, says this about "s":

"If there is a runtime-constraint violation, then if s is not a null
pointer and n is greater than zero and less than RSIZE_MAX, then the
snprintf_s function sets s[0] to the null character."

So, it takes action when (n < RSIZE_MAX):

        if (s != NULL && n > 0 && n < RSIZE_MAX)
            s[0] = '\0';

The question here is: what if n equals RSIZE_MAX? Should we still reset
s[0]?

If I were to say this looks like a typo, would WG14 agree with me?

That is, the text of K.3.5.3.5p3 should be:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  snprintf_s function sets s[0] to the null character.
 
This issue applies to all of the sprintf family of routines in Annex K.
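
The boundary case raised above, as an added example that is not part of the original report: a model of only the runtime-constraint path of snprintf_s under both wordings of K.3.5.3.5p3. MODEL_RSIZE_MAX, model_violation_path and first_byte_after_violation are hypothetical names; the small limit stands in for RSIZE_MAX so that a real buffer can have n equal to it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: small stand-in for RSIZE_MAX so a real buffer can have n == limit. */
#define MODEL_RSIZE_MAX ((size_t)16)

enum wording { AS_PUBLISHED, AS_PROPOSED };

/* Models only the runtime-constraint path of snprintf_s (K.3.5.3.5p2-p3).
 * Returns 1 if a violation was detected, 0 otherwise; no formatting is done. */
static int model_violation_path(char *s, size_t n, const char *format,
                                enum wording w)
{
    /* p2: neither s nor format is null; n is neither zero nor > RSIZE_MAX */
    int violation = (s == NULL || format == NULL ||
                     n == 0 || n > MODEL_RSIZE_MAX);
    if (!violation)
        return 0;

    /* p3: the condition under which s[0] is reset differs between wordings */
    int reset = (w == AS_PUBLISHED)
        ? (s != NULL && n > 0 && n <  MODEL_RSIZE_MAX)   /* "less than" */
        : (s != NULL && n > 0 && n <= MODEL_RSIZE_MAX);  /* "not greater than" */
    if (reset)
        s[0] = '\0';
    return 1;
}

/* Triggers a violation (null format) on a buffer that already holds data
 * (constructed sample) and returns the first byte left in that buffer. */
static char first_byte_after_violation(size_t n, enum wording w)
{
    char buf[MODEL_RSIZE_MAX];
    strcpy(buf, "stale data");
    model_violation_path(buf, n, NULL, w);
    return buf[0];
}

int main(void)
{
    size_t sizes[] = { 1, MODEL_RSIZE_MAX - 1, MODEL_RSIZE_MAX };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%2zu published:%s proposed:%s\n", sizes[i],
               first_byte_after_violation(sizes[i], AS_PUBLISHED) ? "stale" : "reset",
               first_byte_after_violation(sizes[i], AS_PROPOSED) ? "stale" : "reset");
    return 0;
}
```

Only n equal to the limit distinguishes the two wordings: under the published text a caller that ignores the return value would still see the buffer's previous contents.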

Version 2.0 (5/12/2013) of this paper revises the content of N1672 (DR428) to
include additional functions with the same RSIZE_MAX issues, as pointed out
during review at the April 2013 WG14 meeting.

Suggested Technical Corrigendum

snprintf_s
Replace K.3.5.3.5p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  snprintf_s function sets s[0] to the null character.

sprintf_s
Replace K.3.5.3.6p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  sprintf_s function sets s[0] to the null character.

vsnprintf_s
Replace K.3.5.3.12p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsnprintf_s function sets s[0] to the null character.

vsprintf_s
Replace K.3.5.3.13p3 with:

  If there is a runtime-constraint violation, then if s is not a null
  pointer and n is greater than zero and not greater than RSIZE_MAX, then the
  vsprintf_s function sets s[0] to the null character.

mbstowcs_s
Replace K.3.6.5.1p3 last sentence with:

  If dst is not a null pointer and dstmax is greater than zero and not greater than
  RSIZE_MAX, then mbstowcs_s sets dst[0] to the null wide character.

wcstombs_s
Replace K.3.6.5.2p3 last sentence with:

  If dst is not a null pointer and dstmax is greater than zero and not greater than
  RSIZE_MAX, then wcstombs_s sets dst[0] to the null character.

snwprintf_s
Replace K.3.9.1.3p3 with:

  If there is a runtime-constraint violation, then if s is not a null pointer and n is
  greater than zero and not greater than RSIZE_MAX, then the snwprintf_s
  function sets s[0] to the null wide character.

swprintf_s
Replace K.3.9.1.4p3 with:

  If there is a runtime-constraint violation, then if s is not a null pointer and n is
  greater than zero and not greater than RSIZE_MAX, then the swprintf_s
  function sets s[0] to the null wide character.

vsnwprintf_s
Replace K.3.9.1.8p3 with:

  If there is a runtime-constraint violation, then if s is not a null pointer and n is
  greater than zero and not greater than RSIZE_MAX, then the vsnwprintf_s
  function sets s[0] to the null wide character.

vswprintf_s
Replace K.3.9.1.9p3 with:

  If there is a runtime-constraint violation, then if s is not a null pointer and n is
  greater than zero and not greater than RSIZE_MAX, then the vswprintf_s
  function sets s[0] to the null wide character.

mbsrtowcs_s
Replace K.3.9.3.2.1p4 last sentence with:

  If dst is not a null pointer and dstmax is greater than zero and not greater than
  RSIZE_MAX, then mbsrtowcs_s sets dst[0] to the null wide character.

wcsrtombs_s
Replace K.3.9.3.2.2p13 last sentence with:

  If dst is not a null pointer and dstmax is greater than zero and not greater than
  RSIZE_MAX, then wcsrtombs_s sets dst[0] to the null character.



