ROOT-6239

TClass::EscapeChars seg fault

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.34/00
    • Fix Version/s: None
    • Component/s: Core Libraries
    • Labels: None
    • Environment: all
      Description

      char *TClass::EscapeChars(const char *text) const allocates a 128-byte static buffer for its output. It checks if the input text isn't larger than 127 chars (good), but after escaping, the output written to the buffer may be larger, leading to memory corruption.

      The interpreter doesn't (always) crash: silent memory corruption. G++-compiled programs usually get very upset (seg fault). Code to reproduce:

      #include "TClass.h"

      #include <iostream>
      using namespace std;

      int main()
      {
      TClass a;
      cout << a.EscapeChars("[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[") << endl;
      return 0;
      }
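
Added example (not part of the original report and not ROOT's code): the failure mode described above is a length check on the input only, while escaping can double the output. The sketch below computes the escaped size, shows a bounded writer that checks every output write against the buffer size, and a variant with no fixed buffer. The escape set, the backslash escape character and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

const std::size_t kBufSize = 128;  // size of the static buffer described in the report

// Assumed escape set (illustrative; the real set is not shown on the page).
static bool NeedsEscape(char c) { return c == '[' || c == ']' || c == '"'; }

// The check the report describes: it bounds the input length only.
bool InputCheckPasses(const char *text) { return std::strlen(text) <= kBufSize - 1; }

// Bytes the escaped form needs, including the terminating NUL.
std::size_t EscapedSize(const char *text) {
   std::size_t n = 1;
   for (; *text; ++text) n += NeedsEscape(*text) ? 2 : 1;
   return n;
}

// Hardened form: every write is checked against the output size.
// Returns false and leaves an empty string in out if the result does not fit.
bool EscapeBounded(const char *text, char *out, std::size_t outSize) {
   if (outSize == 0) return false;
   std::size_t o = 0;
   for (; *text; ++text) {
      std::size_t need = NeedsEscape(*text) ? 2 : 1;
      if (o + need >= outSize) { out[0] = '\0'; return false; }  // keep room for NUL
      if (need == 2) out[o++] = '\\';  // assumed escape character
      out[o++] = *text;
   }
   out[o] = '\0';
   return true;
}

// Alternative: no fixed buffer, so the output can grow as needed.
std::string EscapeToString(const char *text) {
   std::string r;
   r.reserve(EscapedSize(text));
   for (; *text; ++text) {
      if (NeedsEscape(*text)) r += '\\';
      r += *text;
   }
   return r;
}
```

With this escape set, an input of 127 `[` characters passes the input-only check yet needs 255 bytes of output, which is the gap the report describes.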

            People

            • Assignee:
              pcanal Philippe Canal
              Reporter:
              dgeerts Daniel Geerts