From: LLeweLLyn <llewelly.at@xmission.dot.com>
Subject: Re: C bug of the day
Date: 4 Jun 2003 12:41:15 -0400
Date: 2003-06-04T12:41:15-04:00 [thread overview]
Message-ID: <m1vfvm7osg.fsf@xmission.dot.com> (raw)
In-Reply-To: sUUCa.41207$fT5.6121@nwrdny01.gnilink.net
Hyman Rosen <hyrosen@mail.com> writes:
> One of the trading systems we use in our company had been
> crashing every night for a week while trying to run a
> certain batch procedure. We finally traced the problem to
> the usual C bugaboo, a buffer overflow.
>
> In this case, the program was trying to form an SQL command
> for entering a row of data into a database table. Even though
> the program is written in C++,
I wonder if their implementation of C++ provides std::stringstream,
whose use could have avoided this problem. I wonder if they had
access to C99 snprintf, which at least provides a way to detect
that the string was too long for the buffer, without out
overriding the buffer.
Since you crossposted this to comp.lang.ada, I wonder if they had any
programmers who knew there was a programming language named
ada. :-)
> the programmers apparently
> decided that the way to produce the SQL was to format it into
> a fixed-size buffer. Unfortunately, they decided to use '%f'
> to format some floating-point numbers, and more unfortunately,
> a situation arose in our data where a number was on the order
> of 10**141. Boom!
>
> We don't have the source code, but they do ship the program as
> relinkable libraries. We found the offending string and patched
> the binary to use %g instead of %f. Sigh.
[snip]
Now that is an *ugly* (but IMO necessary) solution ...
Perhaps you should raise the bug as justification for obtaining a
source license.
I don't see that you have any point in posting this other than the
obvious venting - I think we all have to do things like this once
in a while.
However I would like to know of some ideas for dealing with this sort
of thing. We all deal with reams of buggy and poorly designed
code, but it seems most of the expert-recommended patterns and
idioms assume good code.
[ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ]
[ about comp.lang.c++.moderated. First time posters: do this! ]
next prev parent reply other threads:[~2003-06-04 16:41 UTC|newest]
Thread overview: 195+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-03 13:38 C bug of the day Hyman Rosen
2003-06-03 21:35 ` Ron Natalie
2003-06-03 21:38 ` John H. Lindsay
2003-06-04 13:25 ` Hyman Rosen
2003-06-03 21:49 ` Warren W. Gay VE3WWG
2003-06-04 13:26 ` Hyman Rosen
2003-06-05 7:35 ` Raoul Gough
2003-06-04 17:59 ` Carlos Moreno
2003-06-04 18:02 ` Ken Hagan
2003-06-10 16:51 ` Matthew Heaney
2003-06-04 18:05 ` Peter van Merkerk
2003-06-05 7:36 ` Hyman Rosen
2003-06-05 15:58 ` Terje Slettebø
2003-06-05 20:51 ` Dave Harris
2003-06-10 13:20 ` kanze
2003-06-10 13:40 ` Vinzent Hoefler
2003-06-10 13:51 ` Preben Randhol
2003-06-10 20:32 ` Jim Rogers
2003-06-11 4:01 ` Wesley Groleau
2003-06-11 4:25 ` Hyman Rosen
2003-06-11 9:41 ` kanze
2003-06-11 9:31 ` kanze
2003-06-11 12:48 ` James Rogers
2003-06-11 16:43 ` Wesley Groleau
2003-06-11 21:41 ` Mike Silva
2003-06-12 12:39 ` kanze
2003-06-12 12:52 ` Preben Randhol
2003-06-13 1:32 ` James Rogers
2003-06-13 9:37 ` AG
2003-06-13 12:21 ` Peter Amey
2003-06-13 13:38 ` Ed Falis
2003-06-13 14:43 ` kanze
2003-06-13 16:06 ` Wesley Groleau
2003-06-13 21:32 ` AG
2003-06-11 9:22 ` kanze
2003-06-11 9:49 ` Erlo Haugen
2003-06-11 10:11 ` Vinzent Hoefler
2003-06-11 10:50 ` Erlo Haugen
2003-06-11 11:08 ` Vinzent Hoefler
2003-06-11 11:29 ` Erlo Haugen
2003-06-11 11:58 ` Vinzent Hoefler
2003-06-11 12:38 ` Erlo Haugen
2003-06-11 12:59 ` Vinzent Hoefler
2003-06-11 13:13 ` Erlo Haugen
2003-06-12 3:26 ` Wesley Groleau
2003-06-12 20:24 ` Pascal Obry
2003-06-13 23:40 ` Randy Brukardt
2003-06-14 10:57 ` Replacement for Text_IO? (was Re: C bug of the day) Dale Stanbrough
2003-06-16 22:06 ` Randy Brukardt
2003-06-16 22:35 ` Gautier Write-only
2003-06-17 1:31 ` Randy Brukardt
2003-06-17 1:56 ` Dale Stanbrough
2003-06-17 8:46 ` Georg Bauhaus
2003-06-17 11:42 ` Dale Stanbrough
2003-06-17 12:53 ` Larry Kilgallen
[not found] ` <sqilr-9d3.ln1@beastie.ix.netcom.com>
2003-06-12 7:35 ` Compilers on old machines (was: " Vinzent Hoefler
2003-06-13 23:33 ` C bug of the day Randy Brukardt
2003-06-16 11:23 ` Vinzent Hoefler
2003-06-16 21:41 ` Randy Brukardt
2003-06-16 21:45 ` Vinzent Hoefler
2003-06-17 10:52 ` Replacement for Text_IO? (was Re: C bug of the day) Larry Kilgallen
2003-06-11 10:36 ` C bug of the day Peter Hermann
2003-06-11 10:43 ` Erlo Haugen
2003-06-11 13:12 ` Bernd Trog
2003-06-11 16:40 ` Warren W. Gay VE3WWG
2003-06-12 7:16 ` Erlo Haugen
2003-06-11 16:40 ` Wesley Groleau
2003-06-11 16:59 ` Larry Kilgallen
2003-06-12 3:28 ` Wesley Groleau
2003-06-11 18:05 ` Robert I. Eachus
2003-06-12 12:56 ` kanze
2003-06-11 22:31 ` Kevin Cline
2003-06-12 7:06 ` Vinzent Hoefler
2003-06-12 18:40 ` Mike Silva
2003-06-12 19:03 ` Robert I. Eachus
2003-06-13 15:07 ` kanze
2003-06-13 15:23 ` Vinzent Hoefler
2003-06-12 10:21 ` Georg Bauhaus
2003-06-12 21:58 ` Matthew Heaney
2003-06-13 15:13 ` kanze
2003-06-14 6:10 ` Simon Wright
2003-06-12 14:23 ` kanze
2003-06-13 1:52 ` James Rogers
2003-06-13 15:24 ` kanze
2003-06-13 15:31 ` Vinzent Hoefler
2003-06-14 10:37 ` Preben Randhol
2003-06-14 6:12 ` Simon Wright
2003-06-14 14:39 ` Larry Kilgallen
2003-06-12 17:33 ` Matthew Heaney
2003-06-12 20:38 ` Simon Wright
2003-06-10 16:55 ` Preben Randhol
2003-06-11 10:10 ` James Rogers
2003-06-12 0:12 ` Andrei Alexandrescu
2003-06-12 9:23 ` James Rogers
2003-06-12 10:27 ` Andrei Alexandrescu
2003-06-13 8:16 ` James Rogers
2003-06-13 15:55 ` Terje Slettebø
2003-06-14 9:57 ` Ron Natalie
2003-06-14 20:27 ` Terje Slettebø
2003-06-16 22:46 ` kanze
2003-06-16 22:54 ` Ron Natalie
2003-06-15 0:07 ` Dave Harris
2003-06-16 22:50 ` kanze
2003-06-17 15:33 ` Dave Harris
2003-06-15 1:54 ` Wesley Groleau
2003-06-15 10:07 ` Terje Slettebø
2003-06-18 21:15 ` Balog Pal
2003-06-14 20:27 ` Francis Glassborow
2003-06-15 10:06 ` Terje Slettebø
2003-06-15 18:31 ` Francis Glassborow
2003-06-16 8:45 ` Terje Slettebø
2003-06-16 22:42 ` Francis Glassborow
2003-06-17 17:51 ` kanze
2003-06-18 15:47 ` John Potter
2003-06-15 15:04 ` John Potter
2003-06-15 21:55 ` Francis Glassborow
2003-06-16 9:06 ` John Potter
2003-06-16 22:43 ` Francis Glassborow
2003-06-13 19:22 ` Hyman Rosen
2003-06-14 9:50 ` kanze
2003-06-14 9:51 ` Wesley Groleau
2003-06-14 10:01 ` Dave Harris
2003-06-15 0:45 ` Terje Slettebø
2003-06-15 18:12 ` Dave Harris
2003-06-16 22:52 ` kanze
2003-06-17 10:46 ` Larry Kilgallen
2003-06-14 10:15 ` Andrei Alexandrescu
2003-06-14 16:16 ` Simon Wright
2003-06-18 21:15 ` Balog Pal
2003-06-12 19:43 ` Balog Pal
2003-06-13 8:17 ` James Rogers
2003-06-13 19:10 ` Terje Slettebø
2003-06-14 9:53 ` LLeweLLyn
2003-06-14 17:10 ` Addding new attributes to Ada0Y Robert I. Eachus
2003-06-12 13:25 ` C bug of the day kanze
2003-06-13 0:39 ` Larry Kilgallen
2003-06-13 21:25 ` LLeweLLyn
2003-06-13 23:42 ` Wesley Groleau
2003-06-16 22:53 ` kanze
2003-06-17 15:43 ` Terje Slettebø
2003-06-18 1:41 ` Wesley Groleau
2003-06-18 13:52 ` Hyman Rosen
2003-06-18 14:37 ` Vinzent Hoefler
2003-06-18 15:17 ` Hyman Rosen
2003-06-19 8:30 ` Dmitry A. Kazakov
2003-06-19 23:33 ` Hyman Rosen
2003-06-20 1:18 ` Wesley Groleau
2003-06-20 4:56 ` Robert I. Eachus
2003-06-20 5:05 ` Hyman Rosen
2003-06-20 5:54 ` Robert I. Eachus
2003-06-20 7:10 ` Dmitry A. Kazakov
2003-06-20 21:12 ` Mark A. Biggar
2003-06-21 7:28 ` Dmitry A. Kazakov
2003-06-18 21:12 ` kanze
2003-06-19 3:24 ` James Rogers
2003-06-19 14:02 ` kanze
2003-06-19 23:29 ` tmoran
2003-06-20 9:38 ` Hyman Rosen
2003-06-20 12:25 ` kanze
2003-06-24 1:59 ` Matthew Heaney
2003-06-20 0:42 ` Jim Rogers
2003-06-20 9:38 ` Wesley Groleau
2003-06-20 9:39 ` Hyman Rosen
2003-06-19 4:28 ` Wesley Groleau
2003-06-20 23:02 ` Stephen Leake
2003-06-21 19:41 ` Dave Harris
2003-06-23 0:02 ` Terje Slettebø
2003-06-23 15:51 ` Dave Harris
2003-06-17 10:35 ` Andy Sawyer
2003-06-17 17:48 ` Ludovic Brenta
2003-06-17 17:52 ` Larry Kilgallen
2003-06-18 14:10 ` Preben Randhol
2003-06-18 15:39 ` Andy Sawyer
2003-06-13 8:00 ` Mike Silva
2003-06-15 0:40 ` Robert I. Eachus
2003-06-16 22:57 ` kanze
2003-06-13 8:05 ` Wesley Groleau
2003-06-14 9:56 ` LLeweLLyn
2003-06-15 0:42 ` Ed Avis
2003-06-15 10:01 ` LLeweLLyn
2003-06-15 21:59 ` Ed Avis
2003-06-16 9:04 ` Wesley Groleau
2003-06-15 0:45 ` Wesley Groleau
2003-06-13 8:17 ` James Rogers
2003-06-14 9:52 ` kanze
2003-06-15 0:43 ` James Rogers
2003-06-15 18:48 ` Garbage Collector [Was: C bug of the day] Martin Krischik
2003-06-16 23:30 ` Robert A Duff
2003-06-17 3:51 ` Robert I. Eachus
2003-06-14 16:22 ` Bounded integer types (was: C bug of the day) Ed Avis
2003-06-03 21:59 ` C bug of the day Mike Silva
2003-06-04 16:41 ` LLeweLLyn [this message]
2003-06-04 22:37 ` Wesley Groleau
2003-06-09 23:50 ` Balog Pal
2003-06-21 19:26 ` Florian Weimer
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox