Timemgr using sprintf with the output string also used in the input #284
Comments
|
I'm happy to take this on. I just did a regex search to try to identify the places that need to be fixed. This would miss anything where a sprintf call is split across multiple lines, but hopefully is at least a good start: The regex is esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Line 1471 in 82f8052 esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Line 1473 in 82f8052 esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Line 1480 in 82f8052 esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Line 1482 in 82f8052 |
|
I've started looking at this. @oehmke I'd like some confirmation on what I'm thinking here: I'm thinking that, ideally, we should add an argument to these two functions: esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Lines 1390 to 1396 in edb848d esmf/src/Infrastructure/TimeMgr/src/ESMCI_TimeInterval.C Lines 3072 to 3078 in edb848d giving the string length. It looks to me like we have that length available in all calls; for example: which is referenced here: esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Lines 547 to 548 in edb848d But I'm not familiar enough with the Fortran-C connections in ESMF to be confident about this: can we rely on this timeStringLen variable being the size of the C character allocation for tempTimeString? Or maybe off-by-one because of the need to hold the terminating null character on the C side?? In case it's helpful, this is the relevant Fortran-C call: esmf/src/Infrastructure/TimeMgr/interface/ESMCI_Time_F.C Lines 91 to 161 in edb848d My sense is that these esmf/src/Infrastructure/TimeMgr/src/ESMCI_Time.C Lines 1381 to 1390 in edb848d but my impression is that this C++ code isn't actually part of the ESMF public API; is that true? Let me know if you'd find it easier to meet to talk about this rather than trying to reply in writing. I have other things I can work on while waiting for a reply, so no rush on this. (I thought maybe if I got this done quickly I could sneak this bug fix into 8.7, but that may be unrealistic at this point.) |
|
Just a note. We had another user on Linux 6.8+ (@gmao-ckung) hit this, so it might become more prevalent! Thanks for looking at this! |
|
Hi Bill,
Yes, that makes sense to add the argument with the string length. We trust that Fortran length other places in the code and we don’t seem to have issues with it, so I think it’s ok to use. I think that it’s just the length without the null terminator, but I’ll have to look a bit to be sure. We have some interface functions to help with the F to C strings, but I’ll have to remind myself about how it works (I don’t do it super often), but I can find some examples for you to use.
Are you in T or Th next week? How about we meet to talk about it and look at some code? That’ll give me time to swap it back into main memory. ;-)
- Bob
… On Sep 5, 2024, at 5:24 PM, Bill Sacks ***@***.***> wrote:
I've started looking at this. @oehmke <https://github.com/oehmke> I'd like some confirmation on what I'm thinking here:
I'm thinking that, ideally, we should add an argument to these two functions:
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/src/ESMCI_Time.C#L1390-L1396
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/src/ESMCI_TimeInterval.C#L3072-L3078
giving the string length. It looks to me like we have that length available in all calls; for example:
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/src/ESMCI_Time.C#L433
which is referenced here:
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/src/ESMCI_Time.C#L547-L548
But I'm not familiar enough with the Fortran-C connections in ESMF to be confident about this: can we rely on this timeStringLen variable being the size of the C character allocation for tempTimeString? Or maybe off-by-one because of the need to hold the terminating null character on the C side?? In case it's helpful, this is the relevant Fortran-C call:
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/interface/ESMCI_Time_F.C#L91-L161
My sense is that these getString methods are only accessible internally, so it's okay to change the interface... Time::getString is a public method and appears like this:
https://github.com/esmf-org/esmf/blob/edb848d90bf5d70a2db158771f4d07be605fdd32/src/Infrastructure/TimeMgr/src/ESMCI_Time.C#L1381-L1390
but my impression is that this C++ code isn't actually part of the ESMF public API; is that true?
Let me know if you'd find it easier to meet to talk about this rather than trying to reply in writing. I have other things I can work on while waiting for a reply, so no rush on this. (I thought maybe if I got this done quickly I could sneak this bug fix into 8.7, but that may be unrealistic at this point.)
—
Reply to this email directly, view it on GitHub <#284 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE6A7U5P4CACHDXOWMDLL7LZVDR3HAVCNFSM6AAAAABNS75RHWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMZSHA3TGMRXGE>.
You are receiving this because you were mentioned.
|
Fix sprintf issues Fixes uses of sprintf where the output string is also used in the input, which can result in garbled time strings. Also changes these sprintf calls to snprintf to avoid possible buffer overflows, and checks these calls to ensure that the output variable is large enough to hold the relevant string, returning an error code if not. Resolves #284
Atanas ran into an issue with a garbled time string and traced it down to a sprintf call in the time manager. It looks like there are several instances of sprintf() with the output string being also used as an input. It sounds like in general this shouldn't be done, but that it sometimes works (depending on the implementation of sprintf()). We should fix all of these, so we don't run into random issues. An example of one of these is in .../TimeMgr/src/ESMCI_Time.C line 1482.
The text was updated successfully, but these errors were encountered: