64-bit snprintf/vsnprintf overflow condition

Eric Blake eblake@redhat.com
Fri Oct 29 20:01:00 GMT 2010


On 10/29/2010 12:03 PM, David A. Ramos wrote:
> Hi,
> 
> It looks like the overflow condition in vsnprintf/snprintf is unnecessarily restrictive for 64-bit architectures.
> 
> from libc/stdio/snprintf.c:
> if (size > INT_MAX)
>   {
>     ptr->_errno = EOVERFLOW;
>     return EOF;
>   }
> 
> I believe it should use SIZE_MAX, rather than INT_MAX.

It MUST be INT_MAX.  That's because the return value is int, not size_t.

Here's what POSIX has to say about it:

http://www.opengroup.org/onlinepubs/9699919799/functions/snprintf.html
The snprintf() function shall fail if:

[EOVERFLOW]
    [CX] [Option Start] The value of n is greater than {INT_MAX} or the
number of bytes needed to hold the output excluding the terminating null
is greater than {INT_MAX}. [Option End]


and as further amended by:

http://austingroupbugs.net/view.php?id=316

Add the following [EOVERFLOW] error under the ERRORS section
(in the Revision) introduced by
"In addition, all forms of fprintf( ) shall fail if:",

   [EOVERFLOW]
     [CX] The value to be returned is greater than {INT_MAX}.

And then change the existing [EOVERFLOW] error for snprintf() to:

   [EOVERFLOW]
     [CX] The value of n is greater than {INT_MAX}.

(Note the use of CX shading in both cases - in the revision the
existing EOVERFLOW has changed from XSI to CX.)


Then in XSH 2.3 Error Numbers add to the end of the existing
paragraph 6 which says
"The ERRORS section on each reference page specifies which error
conditions shall be detected by all implementations (``shall
fail'') and which may be optionally detected by an implementation
(``may fail''). If no error condition is detected, the action
requested shall be successful."

(new text to add):
If an error condition is detected, the action requested may have
been partially performed, unless otherwise stated.

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
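
The guard discussed in this thread, as an added example (not code from newlib or from either poster): a hypothetical wrapper, `checked_snprintf`, that rejects `n > INT_MAX` with EOVERFLOW because the `int` return value cannot describe more bytes than that, and that reports truncation separately from errors. The wrapper name and its 0/1/-1 return convention are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a libc or newlib API).
   Returns 0 if the output fit, 1 if it was truncated,
   -1 on error with errno set. */
int checked_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret;

    /* Same condition as the quoted newlib check: snprintf returns int,
       so a size above INT_MAX can never be reported back correctly,
       even where size_t is 64 bits wide. */
    if (size > (size_t)INT_MAX) {
        errno = EOVERFLOW;
        return -1;
    }

    va_start(ap, fmt);
    ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    if (ret < 0)
        return -1;              /* error reported by the C library */
    if ((size_t)ret >= size)
        return 1;               /* output did not fit in size bytes */
    return 0;
}

int main(void)
{
    char buf[8];

    /* Constructed inputs: oversized n, a string that fits, one that does not. */
    int over  = checked_snprintf(buf, (size_t)INT_MAX + 1, "x");
    int fit   = checked_snprintf(buf, sizeof buf, "%s", "abc");
    int trunc = checked_snprintf(buf, sizeof buf, "%s", "0123456789");

    printf("oversized n: %d, fits: %d, truncated: %d (buf=\"%s\")\n",
           over, fit, trunc, buf);
    return 0;
}
```

Callers that treat a negative return as a length, or ignore the truncation case, are where this interface usually goes wrong; the wrapper keeps the two outcomes distinct.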
