This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hello, I've already reported this over at MinGW but since I could also reproduce the Bug in Cygwin and understand both use Newlib, I figured I'd post this here, too. The snprintf implementation is not compliant. This can lead to bugs and memory corruptions. A simple PoC is the following char buf[4]; snprintf(buf, 4,"te%s", "st"); printf("%s", buf); It should print "tes" (0-terminated) but instad prints "test" and appends random memory (tested in cygwin and mingw). Then len field in this case is 4, which is correct (apart from the missing zero termination), however it will return an error (-1) for any larger input. The original MinGW bug report is here: https://sourceforge.net/p/mingw-w64/bugs/709/ Best Dominik
Attachment:
signature.asc
Description: OpenPGP digital signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |