This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: implement printf("%a")

From: Eric Blake <ebb9 at byu dot net>
To: newlib at sources dot redhat dot com
Date: Thu, 10 May 2007 02:02:47 +0000 (UTC)
Subject: Re: implement printf("%a")
References: <loom.20070509T191001-77@post.gmane.org>

Eric Blake <ebb9 <at> byu.net> writes:

> 
> Here it goes; tested on cygwin using the gnulib printf-posix testsuite [1]; 
> this passes all tests that used to require a gnulib replacement function.

It passed the gnulib testsuite on cygwin by sheer dumb luck, because the single-
threaded testsuite never used more than eight hex digits and snprintf didn't 
trigger an intermediate malloc.  I was able to get asnprintf to corrupt the 
heap; and multithreaded malloc'ing could do likewise.

>  <at>  <at>  -892,10 +885,33  <at>  <at>  reswitch:	switch (ch) {
>  			}
>  #endif /* !_NO_LONGDBL */
> 
> +			if (ch == 'a' || ch == 'A') {
> +				ox[0] = '0';
> +				ox[1] = ch == 'a' ? 'x' : 'X';
> +				flags |= HEXPREFIX;
> +				if (prec >= sizeof buf)

prec is -1 for %a, but sizeof is unsigned.  The unsigned comparison led to 
mallocing 0 bytes (and the consequent heap corruption when writing beyond the 8-
byte bounds of the malloc granularity).  The conditional should instead 
be "prec >= (int) (sizeof buf)", or simply "prec >= BUF", to force signed 
comparison.

With that correction, is this patch okay to commit?

-- 
Eric Blake

Follow-Ups:
- Re: implement printf("%a")
  - From: Jeff Johnston

References:
- implement printf("%a")
  - From: Eric Blake

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]