Date: 18 Jun 2001 04:43:32 +0200 From: Assar Westerlund <assar@FreeBSD.org> To: Bruce Evans <bde@zeta.org.au> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/stdio snprintf.c sprintf.c vsnprintf.c vsprintf.c Message-ID: <5lpuc2o6cq.fsf@assaris.sics.se> In-Reply-To: Bruce Evans's message of "Mon, 18 Jun 2001 12:36:32 %2B1000 (EST)" References: <Pine.BSF.4.21.0106181133090.5233-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce Evans <bde@zeta.org.au> writes: > This is bogus for sprintf and vsprintf, and for snprintf and vsnprintf > with a nonzero buffer size, since str == NULL is an application error > in these cases. The error should cause a core dump when the null > "string" is written to, but this doesn't happen because the allocated > buffer gets written to instead. But snprintf with str == NULL, sz == 0 is valid, right? > Untested patch to prevent the bogus allocation: > > Index: local.h > =================================================================== > RCS file: /home/ncvs/src/lib/libc/stdio/local.h,v > retrieving revision 1.4 > diff -c -2 -r1.4 local.h > *** local.h 2001/06/04 12:36:06 1.4 > --- local.h 2001/06/18 02:32:32 > *************** > *** 82,86 **** > */ > #define cantwrite(fp) \ > ! ((((fp)->_flags & __SWR) == 0 || (fp)->_bf._base == NULL) && \ > __swsetup(fp)) > > --- 82,87 ---- > */ > #define cantwrite(fp) \ > ! ((((fp)->_flags & __SWR) == 0 || \ > ! ((fp)->_bf._base == NULL && ((fp)->_flags & __SSTR) == 0)) && \ > __swsetup(fp)) > > I don't like doing extra work to support undefined behaviour, but the > allocation is also bogus for snprintf() with a buffer size of 0. But does this handle str == NULL, sz == 0 ? /assar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5lpuc2o6cq.fsf>