Bug 12445 – printf() stack corruption in case of positional parameters + many format specs

Bug 12445 - printf() stack corruption in case of positional parameters + many format specs


Summary:	printf() stack corruption in case of positional parameters + many format specs

Status:	RESOLVED FIXED

Product:	glibc
Classification:	Unclassified
Component:	libc
Version:	2.12

Importance:	P2 normal
Target Milestone:	---
Assigned To:	Ulrich Drepper

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2011-01-27 00:23 UTC by Petr Baudis
Modified:	2011-02-20 13:01 UTC (History)
CC List:	0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
proposed patch (715 bytes, text/plain) 2011-01-27 00:23 UTC, Petr Baudis	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Baudis 2011-01-27 00:23:56 UTC

Created attachment 5215 [details]
proposed patch

A seldom-used code branch in vfprintf causes stack corruption in this (minimal)
testcase:

#include <stdio.h>

int main()
{
  printf ("\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
"%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%",
          "a", "b", "c", "d", 5);
  return 0;
}

Comment 1 Ulrich Drepper 2011-02-20 13:01:37 UTC

I checked in a patch and a test case.