Memory leak in vsnprintf
Paul Mattes
paul.mattes@usa.net
Thu Mar 16 20:08:00 GMT 2006
Delightful -- thanks.

Jeff Johnston wrote:
> Yes, there was a problem. What was happening is that a fake file is
> made for the string I/O functions and the buffer is set to the input
> string pointer. Later on, a macro checking for writability was
> noticing the buffer was NULL and was calling a function that allocated
> a new buffer. We don't want to do this for string I/O functions
> (excepting asprintf family).
>
> I have just checked in a patch to libc/stdio/wsetup.c.
>
> -- Jeff J.
>
> Paul Mattes wrote:
>
>> I believe I have found a memory leak in the newlib version of
>> vsnprintf(). If it is called with a NULL 'str' parameter and a 0
>> 'length', it leaks a BUFSIZ-sized buffer. (Per C99 and SUSv3,
>> calling vsnprintf() with a NULL 'str' and 0 'length' is a way to find
>> out how big the formatted string would be without actually storing it
>> anywhere.)
>>
>> Here is an example program:
>>
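>> #include <stdio.h>
>> #include <stdarg.h>
>>
>> /* Ask vsnprintf() only for the formatted length: NULL buffer, size 0. */
>> int
>> waste_it(char *fmt, ...)
>> {
>>     int ns;
>>     va_list a;
>>
>>     va_start(a, fmt);
>>     ns = vsnprintf(NULL, 0, fmt, a);
>>     va_end(a);
>>     return ns;
>> }
>>
>> int
>> main(int argc, char *argv[])
>> {
>>     int i;
>>     int n = 0;    /* running total of the reported lengths */
>>
>>     /* With the reported bug, each call leaks a BUFSIZ-sized buffer. */
>>     for (i = 0; i < 10000; i++) {
>>         n += waste_it("%s foo %d", "hello", 49);
>>     }
>>     return 0;
>> }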
>>
>> This program will consume quite a lot of memory on Cygwin, which is
>> where it was first reported to me.
>>
>
>
--
pdm
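
The NULL/0 sizing call discussed in this thread is normally the first pass of a two-pass "measure, allocate, format" routine, which is why a leak in it is hit on every formatted string. The sketch below is an added example, not code from the original messages or from newlib; `format_alloc` is a hypothetical helper name.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from newlib): format into a heap buffer whose
 * size comes from a vsnprintf(NULL, 0, ...) probe. Returns NULL on a
 * formatting or allocation failure; the caller frees the result. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, probe;
    char *buf;
    int need, wrote;

    va_start(ap, fmt);

    /* A va_list is indeterminate once vsnprintf() has consumed it, so the
     * sizing pass runs on a copy and the original is kept for pass two. */
    va_copy(probe, ap);
    need = vsnprintf(NULL, 0, fmt, probe);   /* length without the NUL */
    va_end(probe);

    buf = (need < 0) ? NULL : malloc((size_t)need + 1);
    if (buf == NULL) {                       /* format error or no memory */
        va_end(ap);
        return NULL;
    }

    wrote = vsnprintf(buf, (size_t)need + 1, fmt, ap);
    va_end(ap);

    if (wrote != need) {                     /* passes disagree: reject */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Same format string and arguments as the report's test program. */
    char *s = format_alloc("%s foo %d", "hello", 49);
    if (s == NULL)
        return 1;
    printf("%s (%zu bytes)\n", s, strlen(s));
    free(s);
    return 0;
}
```

Running a loop of such calls under a heap checker is a quick regression test for the behaviour reported above: memory use should stay flat once each returned buffer is freed.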