From: LLeweLLyn
Newsgroups: comp.lang.ada,comp.lang.c++.moderated
Subject: Re: C bug of the day
Date: 4 Jun 2003 12:41:15 -0400
Organization: The Illusory Sorting Algorithm

Hyman Rosen writes:

> One of the trading systems we use in our company had been
> crashing every night for a week while trying to run a
> certain batch procedure. We finally traced the problem to
> the usual C bugaboo, a buffer overflow.
>
> In this case, the program was trying to form an SQL command
> for entering a row of data into a database table. Even though
> the program is written in C++,

I wonder if their implementation of C++ provides std::stringstream, whose use could have avoided this problem.

I wonder if they had access to C99 snprintf, which at least provides a way to detect that the string was too long for the buffer, without overriding the buffer.

Since you crossposted this to comp.lang.ada, I wonder if they had any programmers who knew there was a programming language named Ada. :-)

> the programmers apparently
> decided that the way to produce the SQL was to format it into
> a fixed-size buffer. Unfortunately, they decided to use '%f'
> to format some floating-point numbers, and more unfortunately,
> a situation arose in our data where a number was on the order
> of 10**141. Boom!
>
> We don't have the source code, but they do ship the program as
> relinkable libraries. We found the offending string and patched
> the binary to use %g instead of %f. Sigh.

[snip]

Now that is an *ugly* (but IMO necessary) solution ...

Perhaps you should raise the bug as justification for obtaining a source license.

I don't see that you have any point in posting this other than the obvious venting - I think we all have to do things like this once in a while. However I would like to know of some ideas for dealing with this sort of thing. We all deal with reams of buggy and poorly designed code, but it seems most of the expert-recommended patterns and idioms assume good code.

[ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ]
[ about comp.lang.c++.moderated. First time posters: do this! ]
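An added example, not code from the thread or from the trading system it describes, showing the two remedies the reply raises: snprintf bounding the write and reporting the length '%f' needed (so a 10**141 value truncates instead of overrunning), and std::ostringstream growing instead of overflowing. The table name, SQL shape and 64-byte buffer are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <sstream>
#include <string>

// Hypothetical fixed-size buffer, standing in for the batch program's own.
enum { kBufSize = 64 };

// Builds the INSERT with the same '%f' conversion the post describes, but via
// snprintf, which never writes past size-1 bytes. The return value is the
// length the full text needed, so >= size means "truncated", not "overflowed".
int format_sql_snprintf(char *buf, std::size_t size, const char *table, double value) {
    return std::snprintf(buf, size, "INSERT INTO %s VALUES (%f);", table, value);
}

// The check a caller must make before using buf: did the whole command fit?
bool sql_fits(char *buf, std::size_t size, const char *table, double value) {
    int n = format_sql_snprintf(buf, size, table, value);
    return n >= 0 && static_cast<std::size_t>(n) < size;
}

// Measuring pass only (null buffer, size 0): how many characters '%f' and
// '%g' need for a value. This is why the binary patch to %g stopped the crash.
int chars_needed_f(double v) { return std::snprintf(nullptr, 0, "%f", v); }
int chars_needed_g(double v) { return std::snprintf(nullptr, 0, "%g", v); }

// std::ostringstream alternative: storage grows with the value, so a huge
// number is a formatting question, never a memory-safety one.
std::string format_sql_stream(const std::string &table, double value) {
    std::ostringstream os;
    os << "INSERT INTO " << table << " VALUES (" << std::fixed << value << ");";
    return os.str();
}

int main() {
    char buf[kBufSize];
    std::printf("3.25 fits: %d\n", sql_fits(buf, kBufSize, "prices", 3.25));
    std::printf("1e141 fits: %d (needs %d chars with %%f, %d with %%g)\n",
                sql_fits(buf, kBufSize, "prices", 1e141),
                chars_needed_f(1e141), chars_needed_g(1e141));
    std::printf("%s\n", format_sql_stream("prices", 1e141).c_str());
    return 0;
}
```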