This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
Eric Blake <ebb9 <at> byu.net> writes:
Here it goes; tested on cygwin using the gnulib printf-posix testsuite [1]; this passes all tests that used to require a gnulib replacement function.
It passed the gnulib testsuite on cygwin by sheer dumb luck, because the single-threaded testsuite never used more than eight hex digits and snprintf didn't trigger an intermediate malloc. I was able to get asnprintf to corrupt the heap; and multithreaded malloc'ing could do likewise.
<at> <at> -892,10 +885,33 <at> <at> reswitch: switch (ch) { } #endif /* !_NO_LONGDBL */
+ if (ch == 'a' || ch == 'A') { + ox[0] = '0'; + ox[1] = ch == 'a' ? 'x' : 'X'; + flags |= HEXPREFIX; + if (prec >= sizeof buf)
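Review bot: the `if (prec >= sizeof buf)` test at the end of this hunk compares the signed precision against a `size_t`, so the -1 that %a arrives with by default is converted to a very large unsigned value and the large-buffer branch is taken. Compare as signed instead (`prec >= BUF` or `prec >= (int) sizeof buf`), and add a short comment on that line saying prec can be negative here, so the signed form is not "simplified" back later.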
prec is -1 for %a, but sizeof is unsigned. The unsigned comparison led to mallocing 0 bytes (and the consequent heap corruption when writing beyond the 8-byte bounds of the malloc granularity). The conditional should instead be "prec >= (int) (sizeof buf)", or simply "prec >= BUF", to force signed comparison.
With that correction, is this patch okay to commit?
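The signed/unsigned comparison described in this message, as an added example that is not part of the original post or of newlib's source: it runs the posted form of the test and the corrected form side by side over a few precisions. The value of `BUF`, the `prec + 1` allocation size and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF 40 /* assumed size of the on-stack buffer (constructed value) */

/* What the buffer-selection step decides for one conversion. */
struct buf_choice {
    int use_heap;       /* 1 if the code would call malloc */
    size_t alloc_bytes; /* size requested; prec + 1 is an assumed sizing */
};

/* Comparison as posted: prec is converted to size_t before comparing. */
static struct buf_choice choose_unsigned(int prec)
{
    char buf[BUF];
    struct buf_choice c = {0, 0};
    if (prec >= sizeof buf) { /* -1 becomes SIZE_MAX, so this is true */
        c.use_heap = 1;
        c.alloc_bytes = (size_t)(prec + 1); /* -1 + 1 == 0 bytes */
    }
    return c;
}

/* Corrected comparison: both operands are int, so -1 stays negative. */
static struct buf_choice choose_signed(int prec)
{
    struct buf_choice c = {0, 0};
    if (prec >= BUF) {
        c.use_heap = 1;
        c.alloc_bytes = (size_t)(prec + 1);
    }
    return c;
}

int main(void)
{
    const int samples[] = {-1, 0, 8, BUF - 1, BUF, 100}; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct buf_choice u = choose_unsigned(samples[i]);
        struct buf_choice s = choose_signed(samples[i]);
        printf("prec=%4d  unsigned: heap=%d bytes=%zu  signed: heap=%d bytes=%zu\n",
               samples[i], u.use_heap, u.alloc_bytes, s.use_heap, s.alloc_bytes);
    }
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` for C in GCC) flags the comparison in `choose_unsigned` at compile time.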