This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug stdio/17829] Incorrect handling of precision specifier in printf family
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 18 Feb 2015 14:26:56 +0000
- Subject: [Bug stdio/17829] Incorrect handling of precision specifier in printf family
- Auto-submitted: auto-generated
- References: <bug-17829-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17829
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |codonell at redhat dot com
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Carlos, do you remember what the â32â in stdio-common/vfprintf.c guards
against? (You helped to fix some overflow-related issues in this area.)
1574 if (prec > width
1575 && prec > sizeof (work_buffer) / sizeof (work_buffer[0]) -
32)
1576 {
1577 if (__glibc_unlikely (prec >= INT_MAX / sizeof (CHAR_T) -
32))
1578 {
1579 __set_errno (EOVERFLOW);
1580 done = -1;
1581 goto all_done;
1582 }
1583 size_t needed = ((size_t) prec + 32) * sizeof (CHAR_T);
I'm a bit at a loss here. Certainly, this use is not recommended because
printf will allocate tons of memory as part of the format processing.
--
You are receiving this mail because:
You are on the CC list for the bug.