This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
arch-independent glibc printf segfault for "special" long double values
- From: Jim Meyering <jim at meyering dot net>
- To: bug-gnulib at gnu dot org, libc-alpha at sourceware dot org, bug-coreutils at gnu dot org
- Date: Fri, 08 Jun 2007 10:48:02 +0200
- Subject: arch-independent glibc printf segfault for "special" long double values
- References: <87y7ixb6wb.fsf@rho.meyering.net>
This started with Bruno Haible's bug report:
> printf crashes on some 'long double' values
> http://sourceware.org/bugzilla/show_bug.cgi?id=4586
I objected to the closure of that BZ:
http://thread.gmane.org/gmane.comp.lib.glibc.alpha/12394
because I don't want to have to use bulky *printf replacements
forever, just to avoid the potential of this glibc code to make
my applications vulnerable to a user-data-provoked segfault.
Note that I've changed the subject to emphasize that this is
architecture-independent. Well, at least it is not IA64-specific.
To trigger it you need a "long double" type longer than 8 bytes.
For example, it can cause GNU od to segfault.
On x86_64, you need to use -tf16 to get the long double interpretation.
On an i686-based system, it's a 12-byte quantity, so you need "-tf12".
Both of these systems are using libc-2.5:
On at least an AMD/x86_64:
$ perl -e 'print pack("LLLL", 0, 0, 32772, 0)' |od -tf16
[Exit 139 (SEGV)]
On an i686-based system:
$ perl -e 'print pack("LLLL", 0, 0, 32772, 0)' |od -tf12
[Exit 139 (SEGV)]
Thanks again to Jakub Jelinek for changing it.
Now, the above should print those values as FP zeros.
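The input in the od commands above is a "special" x87 encoding: the word 32772 (0x8004) lands in the sign/exponent field with an all-zero significand, so the integer bit is clear while the exponent is nonzero, which the x87 calls an unnormal. The following added example (not od's or glibc's code) decodes the raw 10-byte little-endian extended-precision layout and flags such encodings before they are handed to printf("%Lf"); the 16-byte input is constructed in place to match what the perl pack command emits.

```c
#include <stdint.h>
#include <stdio.h>

/* Classes of an x87 80-bit extended-precision encoding: 64-bit significand
 * with explicit integer bit (bit 63), then 15-bit exponent and sign bit. */
enum x87_class { X87_ZERO, X87_DENORMAL, X87_PSEUDO_DENORMAL, X87_NORMAL,
                 X87_UNNORMAL, X87_INFINITY, X87_NAN, X87_PSEUDO_NAN_INF };

enum x87_class x87_classify(const uint8_t b[10])
{
    uint64_t mant = 0;
    for (int i = 7; i >= 0; i--)            /* little-endian significand */
        mant = (mant << 8) | b[i];
    unsigned expo = (((unsigned)b[9] << 8) | b[8]) & 0x7FFF; /* drop sign */
    int jbit = (int)(mant >> 63);           /* explicit integer bit */
    uint64_t frac = mant & 0x7FFFFFFFFFFFFFFFULL;

    if (expo == 0) {
        if (mant == 0) return X87_ZERO;
        return jbit ? X87_PSEUDO_DENORMAL : X87_DENORMAL;
    }
    if (expo == 0x7FFF) {
        if (!jbit) return X87_PSEUDO_NAN_INF;   /* invalid operand on x87 */
        return frac == 0 ? X87_INFINITY : X87_NAN;
    }
    return jbit ? X87_NORMAL : X87_UNNORMAL;    /* unnormal: invalid operand */
}

/* Constructed input: the 16 bytes perl's pack("LLLL", 0, 0, 32772, 0) writes
 * on a little-endian host. Bytes 8-9 hold 0x8004: sign=1, exponent=4,
 * significand 0, i.e. integer bit clear with a nonzero exponent. */
static const uint8_t crash_input[16] = {
    0, 0, 0, 0,  0, 0, 0, 0,  0x04, 0x80, 0, 0,  0, 0, 0, 0 };
/* 1.0L in the same layout, for comparison: significand 0x8000..., exp 0x3FFF */
static const uint8_t one_ld[10] = { 0, 0, 0, 0, 0, 0, 0, 0x80, 0xFF, 0x3F };

/* Returns 1 when the encoding is one the FPU itself rejects; a caller that
 * interprets untrusted bytes as long double can print 0 or a diagnostic
 * for these instead of passing them to printf. */
int x87_is_unsafe_for_printf(const uint8_t b[10])
{
    enum x87_class c = x87_classify(b);
    return c == X87_UNNORMAL || c == X87_PSEUDO_NAN_INF;
}

int main(void)
{
    printf("class=%d unsafe=%d\n", x87_classify(crash_input),
           x87_is_unsafe_for_printf(crash_input));
    return 0;
}
```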