To: Bruce Evans
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libc/stdio snprintf.c sprintf.c vsnprintf.c vsprintf.c
From: Assar Westerlund
Date: 18 Jun 2001 04:43:32 +0200
In-Reply-To: Bruce Evans's message of "Mon, 18 Jun 2001 12:36:32 +1000 (EST)"
Message-ID: <5lpuc2o6cq.fsf@assaris.sics.se>

Bruce Evans writes:
> This is bogus for sprintf and vsprintf, and for snprintf and vsnprintf
> with a nonzero buffer size, since str == NULL is an application error
> in these cases. The error should cause a core dump when the null
> "string" is written to, but this doesn't happen because the allocated
> buffer gets written to instead.

But snprintf with str == NULL, sz == 0 is valid, right?

> Untested patch to prevent the bogus allocation:
>
> Index: local.h
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/stdio/local.h,v
> retrieving revision 1.4
> diff -c -2 -r1.4 local.h
> *** local.h 2001/06/04 12:36:06 1.4
> --- local.h 2001/06/18 02:32:32
> ***************
> *** 82,86 ****
> */
> #define cantwrite(fp) \
> ! ((((fp)->_flags & __SWR) == 0 || (fp)->_bf._base == NULL) && \
> __swsetup(fp))
>
> --- 82,87 ----
> */
> #define cantwrite(fp) \
> ! ((((fp)->_flags & __SWR) == 0 || \
> ! ((fp)->_bf._base == NULL && ((fp)->_flags & __SSTR) == 0)) && \
> __swsetup(fp))
>
> I don't like doing extra work to support undefined behaviour, but the
> allocation is also bogus for snprintf() with a buffer size of 0.

But does this handle str == NULL, sz == 0 ?

/assar
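
Review bot: in the new cantwrite() at 82,87, once __SWR is set a stream with __SSTR and a NULL _bf._base no longer reaches __swsetup(), and that holds for the sprintf(NULL, ...) misuse and for the snprintf(NULL, 0, ...) call alike, so the write path behind this macro now has to leave a NULL base untouched when the size is 0. Nothing in the hunk shows that it does, and the patch is described as untested. Please add a test for str == NULL, sz == 0 before committing, and extend the comment above the macro to say why __SSTR streams are exempt from the _bf._base check.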
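
The case asked about in the message above, snprintf with str == NULL and sz == 0, is defined by C99 as a measuring call: nothing is written and the return value is the length the output would have had. The following is an added example, not part of the thread or of FreeBSD's libc; format_alloc and formatted_length are hypothetical helpers and the sample values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not from libc or the patch): format into a freshly
 * allocated buffer sized by a first pass with str == NULL, sz == 0.
 * Returns NULL on formatting or allocation failure; the caller frees.
 */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int need;
    char *buf;

    va_start(ap, fmt);
    va_copy(ap2, ap);           /* the measuring pass consumes ap */

    /* Measuring pass: no destination, only the length comes back. */
    need = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (need < 0) {             /* output error */
        va_end(ap2);
        return NULL;
    }

    /* Writing pass: the buffer is exactly need + 1 bytes (NUL included). */
    buf = malloc((size_t)need + 1);
    if (buf != NULL && vsnprintf(buf, (size_t)need + 1, fmt, ap2) != need) {
        free(buf);
        buf = NULL;
    }
    va_end(ap2);
    return buf;
}

/* Length the output would have, without any destination buffer. */
int formatted_length(const char *host, int port)
{
    return snprintf(NULL, 0, "%s:%d", host, port);
}

int main(void)
{
    char *s = format_alloc("%s:%d", "hub.example.org", 25); /* constructed */
    if (s == NULL)
        return 1;
    printf("%d bytes needed: %s\n", formatted_length("hub.example.org", 25), s);
    free(s);
    return 0;
}
```

The same calls with a NULL destination and a nonzero size are the application error described in the quoted text, which is why only the zero-size form appears here.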