This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



Bug in Newlib's snprintf implementation


Hello,

I've already reported this over at MinGW but since I could also
reproduce the bug in Cygwin and understand both use Newlib, I figured
I'd post this here, too.

The snprintf implementation is not compliant. This can lead to bugs and
memory corruptions.

A simple PoC is the following:

    #include <stdio.h>
    int main(void) {
        char buf[4];
        snprintf(buf, 4, "te%s", "st");  /* should store "tes" plus the terminating NUL */
        printf("%s", buf);
    }

It should print "tes" (0-terminated) but instead prints "test" and
appends random memory (tested in Cygwin and MinGW).

The len field in this case is 4, which is correct (apart from the
missing zero termination), however it will return an error (-1) for any
larger input.

The original MinGW bug report is here:
https://sourceforge.net/p/mingw-w64/bugs/709/

Best

Dominik


Attachment: signature.asc
Description: OpenPGP digital signature
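
A way to probe a C library for the behaviour reported above, and to guard callers against it, as an added example that is not part of the original message and not newlib or MinGW code. The function names `snprintf_conforms` and `bounded_format` are hypothetical; the check relies on the C99 rule that `snprintf` writes at most `size - 1` characters plus a terminating NUL and returns the length the full output would have had.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Probe the libc: returns 1 if snprintf follows C99 on truncation.
   The 8-byte buffer pre-filled with 'X' lets us inspect the result
   without reading past memory we own, even if no NUL was written. */
int snprintf_conforms(void)
{
    char buf[8];
    int n;

    memset(buf, 'X', sizeof buf);
    n = snprintf(buf, 4, "te%s", "st");      /* the PoC from the report */
    if (n != 4 || memcmp(buf, "tes", 4) != 0 || buf[4] != 'X')
        return 0;

    memset(buf, 'X', sizeof buf);
    n = snprintf(buf, 4, "te%s", "sting");   /* the "larger input" case */
    return n == 7 && memcmp(buf, "tes", 4) == 0 && buf[4] == 'X';
}

/* Hypothetical wrapper: dst is always NUL-terminated on return.
   Returns 0 if the output fit, 1 if it was truncated or vsnprintf
   returned a negative value, -1 on bad arguments. */
int bounded_format(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    dst[size - 1] = '\0';   /* terminate even if the libc did not */
    return (n < 0 || (size_t)n >= size) ? 1 : 0;
}

int main(void)
{
    char buf[4];
    int truncated = bounded_format(buf, sizeof buf, "te%s", "st");
    printf("conforming=%d truncated=%d buf=\"%s\"\n",
           snprintf_conforms(), truncated, buf);
    return 0;
}
```

A build that prints `conforming=0` has the behaviour described in the report; `bounded_format` still leaves `buf` terminated there because it overwrites the last byte itself.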

