Submitter: Martin Sebor
Submission Date: 2013-09-02
Source: WG 14
Reference Document: N1752
Version: 1.1
Date: April 2014
Subject: tmpnam_s clears s[0] when maxsize > RSIZE_MAX
Summary
The majority of the bounds-checking functions in Annex K are specified to set the first element of the destination buffer, s[0], to the null character when a runtime-constraint violation occurs, but only if s is not a null pointer and the size of the buffer is greater than zero and not greater than RSIZE_MAX.
The tmpnam_s function, however, is specified to set s[0] to the null character on any runtime-constraint violation, including when maxsize is greater than RSIZE_MAX, which makes its behavior on constraint violation inconsistent with the rest. A size above RSIZE_MAX is exactly the case the runtime constraints exist to catch (typically a negative value converted to size_t), so the function has no basis for trusting that s points to even one writable byte.
Change paragraph 8 in the Returns section of tmpnam_s to read:
- If no suitable string can be generated, or if there is a runtime-constraint violation and s is not null and maxsize is greater than zero and not greater than RSIZE_MAX, the tmpnam_s function sets s[0] to the null character and returns a nonzero value.
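To show concretely what the proposed wording changes, the following is an added example and is not part of the defect report or of any Annex K implementation. Because tmpnam_s is only available where __STDC_LIB_EXT1__ is defined, it uses a hypothetical stand-in, my_tmpnam_s, that mirrors the runtime constraints of tmpnam_s (s not null, maxsize not greater than RSIZE_MAX, maxsize greater than the length of the generated name). The value chosen for MY_RSIZE_MAX, the fixed name string kGeneratedName, the handler stand-in constraint_handler and the helper probe are all assumptions made for the example. A flag selects whether s[0] is cleared on every violation (the current text) or only when s is not null and 0 < maxsize <= RSIZE_MAX (the proposed text), and probe reports what happened to s[0] in a sentinel-filled buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed value for RSIZE_MAX; Annex K leaves the exact value to the
 * implementation, and SIZE_MAX >> 1 is a common choice. */
#define MY_RSIZE_MAX (SIZE_MAX >> 1)

/* Constructed, fixed "generated" name so the example is deterministic.
 * A real tmpnam_s generates a name that does not clash with an existing file. */
static const char kGeneratedName[] = "/tmp/t1a2b3c4";

/* Number of constraint-handler invocations (stand-in for the handler
 * installed with set_constraint_handler_s). */
static unsigned g_violations;

static void constraint_handler(const char *msg)
{
    g_violations++;
    (void)msg;
}

/*
 * Hypothetical stand-in for tmpnam_s. proposed_wording selects the rule
 * governing the clearing of s[0] on a runtime-constraint violation:
 *   0: current text, s[0] is cleared on every violation (given s != NULL)
 *   1: proposed text, s[0] is cleared only when s != NULL and
 *      0 < maxsize <= RSIZE_MAX
 * Returns 0 on success and nonzero on a violation, like tmpnam_s.
 */
static int my_tmpnam_s(char *s, size_t maxsize, int proposed_wording)
{
    const size_t len = strlen(kGeneratedName);
    const char *violation = NULL;

    if (s == NULL)
        violation = "s is a null pointer";
    else if (maxsize > MY_RSIZE_MAX)
        violation = "maxsize > RSIZE_MAX";
    else if (maxsize <= len)
        violation = "maxsize not greater than the generated name length";

    if (violation != NULL) {
        constraint_handler(violation);
        if (s != NULL) {
            int may_clear = proposed_wording
                ? (maxsize > 0 && maxsize <= MY_RSIZE_MAX)
                : 1;
            if (may_clear)
                s[0] = '\0';
        }
        return 1;
    }

    memcpy(s, kGeneratedName, len + 1); /* len < maxsize, so the NUL fits */
    return 0;
}

/* Call my_tmpnam_s on a sentinel-filled 32-byte buffer and report the
 * outcome: 'S' name stored, 'C' violation and s[0] cleared,
 * 'U' violation and s[0] left untouched. */
static char probe(size_t maxsize, int proposed_wording)
{
    char buf[32];
    memset(buf, 'X', sizeof buf);
    if (my_tmpnam_s(buf, maxsize, proposed_wording) == 0)
        return 'S';
    return buf[0] == '\0' ? 'C' : 'U';
}

int main(void)
{
    const size_t cases[] = { 32, 5, 0, (size_t)-1 };
    const char *labels[] = { "maxsize == 32", "maxsize == 5 (too small)",
                             "maxsize == 0", "maxsize == (size_t)-1" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s current: %c  proposed: %c\n",
               labels[i], probe(cases[i], 0), probe(cases[i], 1));
    return 0;
}
```

The two rows that differ are maxsize == 0 and maxsize == (size_t)-1: under the current text both still write s[0], once into a buffer the caller declared empty and once on the strength of a size that is almost certainly a wrapped negative value, whereas under the proposed text the only violation that clears s[0] is the too-small buffer, where the size is at least plausible.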
Committee Discussion
The committee agrees with the issue, and requests that the suggested technical corrigendum be broken into more parts for both clarity and consistency.
Apr 2014 meeting
Committee Discussion
The committee did not receive revised words and will again solicit them from the author.