Bug 5424 - printf doesn't behave correctly with huge numbers of characters
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 normal
Assignee: Ulrich Drepper
Reported: 2007-11-28 12:13 UTC by Vincent Lefèvre
Modified: 2007-12-10 02:30 UTC

Description Vincent Lefèvre 2007-11-28 12:13:26 UTC
When the number of characters is > INT_MAX, printf doesn't return the number of
output characters. The C standard seems to be silent on this point and the
current glibc manual and printf(3) man page are also silent. The following
program was tested on a Debian/etch x86_64 machine:

#ifndef N
#define N 2147483648
#endif

#define STRINGIFY(S) #S
#define MAKE_STR(S) STRINGIFY(S)

#define SN MAKE_STR(N)

#include <stdio.h>

int main (void)
{
  int ret;

  ret = printf ("%" SN "d%" SN "d", 1, 1);
  fprintf (stderr, "ret = %d\n", ret);
  return 0;
}

$ ./ret-printf | wc -c
ret = 0
4294967296

I don't know how such cases should be handled, but returning a non-negative
value different from the number of output characters is incorrect.

Moreover, printf doesn't handle field widths larger than 2^31.
Comment 1 Vincent Lefèvre 2007-11-28 13:25:30 UTC
I found the following with Google:

http://www.opengroup.org/platform/resolutions/bwg98-006.html

"In addition, snprintf() will fail if:
[EOVERFLOW] The value of n is greater than INT_MAX
or the number of bytes needed to hold
the output excluding the terminating
null is greater than INT_MAX."

This is also in a recent POSIX draft (I haven't checked the latest).
Comment 2 Ulrich Drepper 2007-12-10 02:30:22 UTC
Overflow check is in cvs.
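
An added example, not part of this bug report and not glibc's actual fix: the EOVERFLOW rule quoted in comment 1, applied to the two field widths from the reproducer, plus a caller-side wrapper that never hands back a return value that could be mistaken for a valid length. The names total_length and checked_snprintf are hypothetical, and using ERANGE for truncation is this example's own choice.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>

/* Sum per-conversion output lengths the way a printf implementation must:
   fail with EOVERFLOW instead of wrapping once the total exceeds INT_MAX. */
static int total_length(const unsigned long long *piece, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        if (piece[i] > (unsigned long long)(INT_MAX - total)) {
            errno = EOVERFLOW;
            return -1;
        }
        total += (int)piece[i];
    }
    return total;
}

/* Caller-side wrapper (hypothetical name): returns the byte count only when
   the whole output fit in buf; every other outcome is -1 with errno set. */
static int checked_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret;
    if (size > INT_MAX) {      /* "value of n is greater than INT_MAX" */
        errno = EOVERFLOW;
        return -1;
    }
    va_start(ap, fmt);
    ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (ret < 0) return -1;    /* the library itself reported the failure */
    if ((size_t)ret >= size) {
        errno = ERANGE;        /* output truncated (this example's choice) */
        return -1;
    }
    return ret;
}

int main(void)
{
    /* Constructed input: the two field widths used by the reproducer. */
    const unsigned long long w[] = { 2147483648ULL, 2147483648ULL };
    char buf[16];
    printf("%d %d\n", total_length(w, 2), checked_snprintf(buf, sizeof buf, "%5d", 1));
    return 0;
}
```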