This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



Re: implement printf("%a")


Eric Blake <ebb9 <at> byu.net> writes:

> 
> Here it goes; tested on cygwin using the gnulib printf-posix testsuite [1]; 
> this passes all tests that used to require a gnulib replacement function.

It passed the gnulib testsuite on cygwin by sheer dumb luck, because the single-
threaded testsuite never used more than eight hex digits and snprintf didn't 
trigger an intermediate malloc.  I was able to get asnprintf to corrupt the 
heap; and multithreaded malloc'ing could do likewise.

>  <at>  <at>  -892,10 +885,33  <at>  <at>  reswitch:	switch (ch) {
>  			}
>  #endif /* !_NO_LONGDBL */
> 
> +			if (ch == 'a' || ch == 'A') {
> +				ox[0] = '0';
> +				ox[1] = ch == 'a' ? 'x' : 'X';
> +				flags |= HEXPREFIX;
> +				if (prec >= sizeof buf)
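
Review bot: At `if (prec >= sizeof buf)` the comparison mixes the signed `prec` with the unsigned result of `sizeof`, so a negative `prec` is converted to a very large unsigned value and takes the large-precision branch. Keep the comparison signed, for example `prec >= (int) (sizeof buf)`, or handle negative `prec` before this test, and add a test case that formats `%a` without a precision through an allocating entry point such as asnprintf so the branch is exercised.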

prec is -1 for %a, but sizeof is unsigned.  The unsigned comparison led to 
mallocing 0 bytes (and the consequent heap corruption when writing beyond the 8-
byte bounds of the malloc granularity).  The conditional should instead 
be "prec >= (int) (sizeof buf)", or simply "prec >= BUF", to force signed 
comparison.

With that correction, is this patch okay to commit?

-- 
Eric Blake
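
The signed/unsigned pitfall described in the message above, as an added example that is not part of the original post or of newlib's source. The value of `BUF`, the `struct plan` type, the function names, the `prec + 1` sizing and the 13-digit sample are assumptions made for illustration.

```c
#include <stdio.h>

#define BUF 40                      /* assumed size of the stack buffer */

struct plan {
    int    use_heap;                /* 1 if malloc would be called */
    size_t alloc_size;              /* bytes that would be requested */
};

/* Check as written in the quoted hunk: prec is converted to size_t. */
static struct plan plan_unsigned(int prec)
{
    char buf[BUF];
    struct plan p = {0, 0};
    if (prec >= sizeof buf) {       /* -1 compares as SIZE_MAX */
        p.use_heap = 1;
        p.alloc_size = (size_t)prec + 1;   /* assumed sizing; wraps to 0 */
    }
    return p;
}

/* Check with the cast proposed in the message: comparison stays signed. */
static struct plan plan_signed(int prec)
{
    char buf[BUF];
    struct plan p = {0, 0};
    if (prec >= (int) (sizeof buf)) {
        p.use_heap = 1;
        p.alloc_size = (size_t)prec + 1;
    }
    return p;
}

/* Bytes that land past the heap request when ndigits are stored in it. */
static size_t bytes_past_end(struct plan p, size_t ndigits)
{
    if (!p.use_heap || ndigits <= p.alloc_size)
        return 0;
    return ndigits - p.alloc_size;
}

int main(void)
{
    int precs[] = { -1, 0, BUF - 1, BUF, 100 };    /* constructed inputs */
    for (size_t i = 0; i < sizeof precs / sizeof precs[0]; i++) {
        struct plan u = plan_unsigned(precs[i]), s = plan_signed(precs[i]);
        printf("prec=%4d unsigned: heap=%d size=%zu past=%zu | signed: heap=%d\n",
               precs[i], u.use_heap, u.alloc_size, bytes_past_end(u, 13), s.use_heap);
    }   /* 13 = constructed digit count (fraction hex digits of a double) */
}
```

Building with `-Wsign-compare` (part of `-Wextra` for C in GCC) flags the comparison in `plan_unsigned` at compile time.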



