This is the mail archive of the
ecos-patches@sourceware.org
mailing list for the eCos project.
[Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- From: bugzilla-daemon at bugs dot ecos dot sourceware dot org
- To: ecos-patches at ecos dot sourceware dot org
- Date: Wed, 8 Aug 2012 17:58:38 +0100
- Subject: [Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- Auto-submitted: auto-generated
- References: <bug-1001490-104@http.bugs.ecos.sourceware.org/>
Please do not reply to this email. Use the web interface provided at:
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001490
--- Comment #5 from Sergei Gavrikov <sergei.gavrikov@gmail.com> 2012-08-08 17:58:35 BST ---
(In reply to comment #4)
> (In reply to comment #3)
> oops, sorry... Now I see, actually I applied the my own patch from
> http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001628
[snip]
Thanks. Clear.
> Well, there is more trouble with sprintf....
>
> There is another bug #20804, about the %e format, that is also still
> not fixed.
>
> When I tried to understand, why that happens, I found a buffer
> overflow in the statement: printf("%.15f", DBL_MAX);
>
> There is a buffer in vfnprintf() which is 2 characters too small.
There is another case. Today I investigated in bug #20804. The reason
is
686 /* trailing f.p. zeroes */
687 PAD(fpprec, zeroes);
688 ret += fpprec;
It's okay for ("%.18f\n", 3.14e-11)
0.000000000031400000
But the padding/zeroing will be wrong for %e, %E, when requested prec >
MAXPREC. Well, I ever made a fix :-) But, then I Googled and found this
report
http://www.cygwin.com/ml/ecos-discuss/2001-05/msg00065.html
Well, it looks like my fix (Suzuki did talk about the same point which I
found in GDB), but my workaround was
if (prec > MAXFRACT) {
if ((ch == 'f' && ch == 'F') || (flags&ALT)) {
fpprec = prec - MAXFRACT;
prec = MAXFRACT;
}
} else if (prec == -1)
I was suprised how many projects use the same "printf" sources! But I've
seen no fixes in this place there. I need more time to look around.
> Maybe there should be a patch for all of the known issues. What do
> you think?
No matter. I think we have to rid all the issues. Thank you for your
reports.
Sergei
--
Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.