Memory leak in vsnprintf

Paul Mattes paul.mattes@usa.net
Thu Mar 16 20:08:00 GMT 2006


Delightful -- thanks.

Jeff Johnston wrote:

> Yes, there was a problem.  What was happening is that a fake file is 
> made for the string I/O functions and the buffer is set to the input 
> string pointer.  Later on, a macro checking for writability was 
> noticing the buffer was NULL and was calling a function that allocated 
> a new buffer.  We don't want to do this for string I/O functions 
> (excepting asprintf family).
>
> I have just checked in a patch to libc/stdio/wsetup.c.
>
> -- Jeff J.
>
> Paul Mattes wrote:
>
>> I believe I have found a memory leak in the newlib version of 
>> vsnprintf().  If it is called with a NULL 'str' parameter and a 0 
>> 'length', it leaks a BUFSIZ-sized buffer.  (Per C99 and SUSv3, 
>> calling vsnprintf() with a NULL 'str' and 0 'length' is a way to find 
>> out how big the formatted string would be without actually storing it 
>> anywhere.)
>>
>> Here is an example program:
>>
>>   #include <stdio.h>
>>   #include <stdarg.h>
>>
>>   /* Size-only query: vsnprintf() with a NULL buffer and 0 length */
>>   int
>>   waste_it(const char *fmt, ...)
>>   {
>>           int ns;
>>           va_list a;
>>
>>           va_start(a, fmt);
>>           ns = vsnprintf(NULL, 0, fmt, a);
>>           va_end(a);
>>           return ns;
>>   }
>>
>>   int
>>   main(int argc, char *argv[])
>>   {
>>           int i;
>>           int n = 0;
>>
>>           /* Each call leaks a BUFSIZ buffer in the affected newlib */
>>           for (i = 0; i < 10000; i++) {
>>                   n += waste_it("%s foo %d", "hello", 49);
>>           }
>>           return 0;
>>   }
>>
>> This program will consume quite a lot of memory on Cygwin, which is 
>> where it was first reported to me.
>>
>
>


-- 
        pdm
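The sizing call in the report is half of the standard C99 two-pass idiom: query the length with vsnprintf(NULL, 0, ...), allocate exactly that much plus the terminator, and format again. The example below is added here and is not code from the thread or from newlib; formatted_length and format_alloc are hypothetical helper names. It shows the part the report leaves out, namely that the va_list is consumed by the first pass and must be duplicated with va_copy before the second, and that both passes' return values need checking, since a negative result signals an encoding error rather than a length.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the thread): the size-only query the
 * report exercises. Returns the number of characters the formatted
 * string needs, excluding the terminating NUL, or -1 on error. */
int formatted_length(const char *fmt, ...)
{
    va_list ap;
    int needed;

    va_start(ap, fmt);
    needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return needed < 0 ? -1 : needed;
}

/* Hypothetical helper: the full two-pass idiom. vsnprintf consumes the
 * va_list it is given, so the sizing pass runs on the original and the
 * real pass on a va_copy. The buffer is exactly sized, so the second
 * pass cannot truncate. Returns NULL on error; the caller frees. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap_copy;
    int needed, written;
    char *buf;

    va_start(ap, fmt);
    va_copy(ap_copy, ap);
    needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (needed < 0) {            /* encoding error in format or arguments */
        va_end(ap_copy);
        return NULL;
    }

    buf = malloc((size_t)needed + 1);
    if (buf == NULL) {
        va_end(ap_copy);
        return NULL;
    }

    written = vsnprintf(buf, (size_t)needed + 1, fmt, ap_copy);
    va_end(ap_copy);
    if (written != needed) {     /* defensive: both passes must agree */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    int i;
    long total = 0;
    char *s;

    /* Same loop shape as the report's program, accumulator initialised.
     * Under the fixed newlib this allocates nothing per iteration. */
    for (i = 0; i < 10000; i++)
        total += formatted_length("%s foo %d", "hello", 49);

    s = format_alloc("%s foo %d", "hello", 49);
    printf("total=%ld example=\"%s\"\n", total, s ? s : "(null)");
    free(s);
    return 0;
}
```

On a system where the sizing call still leaks, running the loop under a heap checker (or watching the process's resident size grow) is the quickest way to confirm the library version in use has the wsetup.c fix.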