Hi Constantin,
The fixed length array in Shadow.cxx has been removed in the CVS repository.
The one in TCint.cxx has not been.
Note that there is indeed a problem for the CMS software; however, we need
a valgrind output of the actual error so that we can fix the one problem
that is really bothering CMS.
Cheers,
Philippe.
-----Original Message-----
From: owner-roottalk_at_pcroot.cern.ch [mailto:owner-roottalk_at_pcroot.cern.ch]
On Behalf Of Constantin Loizides
Sent: Monday, May 14, 2007 6:37 AM
To: ROOT TALK
Subject: [ROOT] [Fwd: Re: problem with dictionaries and
G__set_class_autoloading_table]
Maybe this is already dealt with, but anyways, the following two strcpy/buffer problems are discussed on the CMS mailing lists. Constantin
Hi Andrea,
If one does a search of the ROOT code you'll find a number of instances with character buffers which are set at compile time to the size 1024. I just found one such incident, http://root.cern.ch/lxr/source/cint7/src/Shadow.cxx#127
I believe a 'Shadow' class is used to handle storage of classes which do not inherit from TObject (which is true for all CMS data objects), so I think this routine would be called. As you can see, the buffer assumes that a type name will be less than 1024 and there is no check that the call to strcpy will not go beyond that length. Therefore this looks like a candidate for your bug.
If you can, it would be great if you could run 'valgrind' on your job since valgrind is very good at finding buffer overflows.
Chris
Hi Andrea,
Another possible candidate is
http://root.cern.ch/lxr/source/meta/src/TCint.cxx#1006
Chris
-- Tel: +1-617-8301823 (SkypeIn) Skype: loizides AOL: ConLoi / ICQ: 114824520
Received on Mon May 14 2007 - 18:52:55 CEST
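The pattern Chris describes above (a fixed 1024-byte character buffer filled by an unchecked strcpy) is easiest to reason about next to its bounded replacement. The following is an added illustration, not code from ROOT's Shadow.cxx or TCint.cxx: the buffer size, the function names copy_type_name, dup_type_name and make_nested_vector_name, and the nested std::vector type name used as input are all constructed for this example. It shows the two fixes a reviewer would expect: a copy that refuses a name that does not fit, and a heap allocation sized to the name so the fixed array disappears altogether.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed buffer size, mirroring the 1024 discussed in the thread.
 * This file is an illustration only, not ROOT's own code. */
#define TYPE_NAME_BUF 1024

/* Bounded copy of a C++ type name into a caller-provided buffer.
 * Returns 0 on success, -1 if src (including its terminator) would not fit.
 * Unlike a bare strcpy(), an over-long name is reported to the caller and
 * nothing is ever written past dst + dst_size. */
int copy_type_name(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst == NULL || dst_size == 0 || len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);   /* len + 1 copies the NUL terminator too */
    return 0;
}

/* Heap-allocated copy sized to the name: the alternative of dropping the
 * fixed-length array entirely. Caller frees. Returns NULL if malloc fails. */
char *dup_type_name(const char *src)
{
    size_t len = strlen(src);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, src, len + 1);
    return out;
}

/* Constructed input: a nested template type name of the kind that can exceed
 * a 1024-byte buffer. Each level adds "std::vector<" (12 bytes) and ">" (1 byte)
 * around "int", so depth d yields 13*d + 3 bytes. Caller frees. */
char *make_nested_vector_name(int depth)
{
    const char *open = "std::vector<";
    const char *inner = "int";
    size_t open_len = strlen(open);
    size_t len = (size_t)depth * (open_len + 1) + strlen(inner);
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    char *p = s;
    for (int i = 0; i < depth; i++) {
        memcpy(p, open, open_len);
        p += open_len;
    }
    memcpy(p, inner, strlen(inner));
    p += strlen(inner);
    for (int i = 0; i < depth; i++)
        *p++ = '>';
    *p = '\0';
    return s;
}

/* Returns 1 if a name of the given nesting depth fits the fixed buffer,
 * 0 if the bounded copy rejects it, -1 on allocation failure. */
int nested_name_fits(int depth)
{
    char buf[TYPE_NAME_BUF];
    char *name = make_nested_vector_name(depth);
    if (name == NULL)
        return -1;
    int rc = copy_type_name(buf, sizeof buf, name);
    free(name);
    return rc == 0;
}

int main(void)
{
    int depths[] = { 10, 100 };
    for (size_t i = 0; i < sizeof depths / sizeof depths[0]; i++) {
        char *name = make_nested_vector_name(depths[i]);
        if (name == NULL)
            return 1;
        printf("depth %3d: %4zu bytes -> %s\n", depths[i], strlen(name),
               nested_name_fits(depths[i]) ? "fits in fixed buffer"
                                           : "rejected by bounded copy");
        char *copy = dup_type_name(name);   /* sized to the name, no limit */
        printf("           heap copy length %zu\n", copy ? strlen(copy) : 0);
        free(copy);
        free(name);
    }
    return 0;
}
```

The depth-100 name is 1303 bytes, so with a plain strcpy into a 1024-byte array it would write 280 bytes past the end; the bounded version returns -1 instead and the heap version simply allocates 1304 bytes. Under valgrind, the strcpy variant shows up as an invalid write on the stack or heap, which is exactly the output Philippe asks for above.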
This archive was generated by hypermail 2.2.0 : Mon May 14 2007 - 23:50:01 CEST