Submitter: Martin Sebor
Submission Date: 2013-09-02
Source: WG 14
Reference Document: N1752
Version: 1.0
Date: October 2013
Subject: tmpnam_s clears s[0] when maxsize > RSIZE_MAX
Summary
The majority of the bounds-checking functions are specified to set the first element of the destination buffer, s[0], to the null character when a runtime-constraint violation occurs and the s pointer is not null and the size of the buffer is greater than zero and not greater than RSIZE_MAX. A size greater than RSIZE_MAX cannot describe a real object and is treated as a sign that the size argument itself is wrong, so those functions leave the buffer untouched in that case.
However, the tmpnam_s function sets s[0] to the null character even when maxsize is greater than RSIZE_MAX, making its behavior on a runtime-constraint violation inconsistent with the rest.
Suggested Technical Corrigendum
Change paragraph 8 in the Returns section of tmpnam_s (K.3.5.1.2) to read:
- If no suitable string can be generated, or if there is a runtime-constraint violation and s is not null and maxsize is greater than zero and not greater than RSIZE_MAX, the tmpnam_s function sets s[0] to the null character and returns a nonzero value.
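The following C program is an added example, not part of the defect report and not the code of any library; it models the runtime-constraint handling of tmpnam_s under the current C11 wording and under the proposed wording side by side. RSIZE_MAX is given an assumed value (SIZE_MAX >> 1) since glibc does not provide Annex K, and the name generator and the constraint handler are hypothetical stand-ins. The test of interest is a maxsize of (size_t)-1, the value a negative int becomes after conversion: the C11 wording still writes to s[0], the proposed wording leaves the caller's buffer alone, exactly as the other bounds-checking functions do.

```c
/*
 * Model of tmpnam_s runtime-constraint handling (C11 Annex K, K.3.5.1.2)
 * under the current wording and under the wording proposed in this DR.
 * Added example, not taken from the defect report or from any library.
 * The name generator and the constraint handler are hypothetical stand-ins.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef RSIZE_MAX
#define RSIZE_MAX (SIZE_MAX >> 1)   /* assumed; the standard leaves the value implementation-defined */
#endif

#define NAME_LEN 14                 /* strlen("/tmp/tmp000000"); the real L_tmpnam_s differs */

static unsigned counter;            /* hypothetical generator state */
static const char *last_violation;  /* message recorded by the stand-in handler */

static void constraint_handler(const char *msg)
{
    last_violation = msg;           /* a real handler may abort or log; here it only records */
}

/*
 * dr_wording == 0: C11 text, s[0] is cleared whenever s != NULL && maxsize > 0.
 * dr_wording == 1: proposed text, which additionally requires maxsize <= RSIZE_MAX,
 *                  matching the other bounds-checking functions.
 * Returns 0 on success, nonzero on failure or runtime-constraint violation.
 */
static int model_tmpnam_s(char *s, size_t maxsize, int dr_wording)
{
    last_violation = NULL;
    if (s == NULL)
        constraint_handler("s is a null pointer");
    else if (maxsize > RSIZE_MAX)
        constraint_handler("maxsize exceeds RSIZE_MAX");
    else if (maxsize <= NAME_LEN)
        constraint_handler("maxsize not greater than the generated name length");

    if (last_violation != NULL) {
        int may_clear = s != NULL && maxsize > 0 && (!dr_wording || maxsize <= RSIZE_MAX);
        if (may_clear)
            s[0] = '\0';
        return 1;
    }
    snprintf(s, maxsize, "/tmp/tmp%06u", counter++ % 1000000u);
    return 0;
}

/*
 * Helper: does a call with this maxsize write into the caller's buffer?
 * The generated name is at most NAME_LEN + 1 bytes, so the 64-byte buffer
 * is never overrun no matter what maxsize the model is told.
 */
static int buffer_touched(size_t maxsize, int dr_wording)
{
    char buf[64];
    memset(buf, 'X', sizeof buf);
    (void)model_tmpnam_s(buf, maxsize, dr_wording);
    return buf[0] != 'X';
}

/* Helper: does a valid call succeed and produce a name with the expected prefix? */
static int name_ok(size_t maxsize, int dr_wording)
{
    char buf[64] = {0};
    if (maxsize > sizeof buf)
        return 0;
    return model_tmpnam_s(buf, maxsize, dr_wording) == 0 && strncmp(buf, "/tmp/tmp", 8) == 0;
}

int main(void)
{
    size_t bogus = (size_t)-1;      /* e.g. a negative int converted to size_t */
    printf("maxsize=(size_t)-1: C11 writes s[0]? %d   proposed writes s[0]? %d\n",
           buffer_touched(bogus, 0), buffer_touched(bogus, 1));
    printf("maxsize=8 (too small): C11 clears s[0]? %d   proposed clears s[0]? %d\n",
           buffer_touched(8, 0), buffer_touched(8, 1));
    return 0;
}
```

For a null s or a maxsize of zero both wordings already agree and never write; the two wordings diverge only in the oversized-maxsize case, which is the inconsistency the corrigendum removes.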
Committee Discussion
The committee agrees with the issue, and requests that the suggested technical corrigendum be broken into more parts for both clarity and consistency.