Date:      Fri, 20 Apr 2001 02:23:11 +0400
From:      "D. K." <dk@homepage.ru>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, security@FreeBSD.ORG
Subject:   Re: FreeBSD grow bug
Message-ID:  <3ADF654F.D5897981@homepage.ru>
References:  <3ADF4DD0.17AB0F64@homepage.ru> <200104192042.QAA40625@khavrinen.lcs.mit.edu> <3ADF5442.BD703D6@homepage.ru> <200104192113.RAA40978@khavrinen.lcs.mit.edu>

Garrett Wollman wrote:
> 
> <<On Fri, 20 Apr 2001 01:10:26 +0400, "D. K." <dk@homepage.ru> said:
> 
> > You are not right
> 
> To quote from the Austin Group draft 6:
> 
>         The format can contain either numbered argument conversion
>         specifications (that is, "%n$" and "*m$"), or unnumbered
>         argument conversion specifications (that is, % and *), but not
>                                                                ^^^^^^^
>         both. The only exception to this is that %% can be mixed with
>         ^^^^^
>         the "%n$" form. The results of mixing numbered and unnumbered
>         argument specifications in a format string are undefined. When
>         numbered argument specifications are used, specifying the Nth
>                                                    ^^^^^^^^^^^^^^^^^^
>         argument requires that all the leading arguments, from the
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>         first to the (N-1)th, are specified in the format string.
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> The exact same language, spread out over several paragraphs, appears
> in the Single UNIX Spec version 2.
> 
> -GAWollman



In any case the result should not generate a core dump on FreeBSD in my examples.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The error is present on FreeBSD 4.2-RELEASE.
See the answer from Robert Simmons.

About first example:
I can call func(char *fmt, ...) with many parameters, and not use
all of them.
 
Such as: printf("%d\n", 1, 2, 3, 4, 5, 6, 7);

The compiler takes care of restoring the stack.
In my examples there are no unaccessed elements.

About second example:
I have mixed them accurately. The compiler knows which unit to access.
In any case on _FreeBSD_ these examples must work.


Best Regards,
Dmitry Kopteloff
---
LG Soft Lab.
Information Security Group, RUSSIA
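
The rule quoted from the Austin Group draft can be checked mechanically before a format string reaches printf. The following is an added example, not code from this thread or from FreeBSD; check_format, MAX_ARGS and the status names are hypothetical, and it covers only the common flags, length modifiers and conversions.

```c
#include <ctype.h>
#include <string.h>
#define MAX_ARGS 64   /* assumed cap for this sketch; real systems use NL_ARGMAX */
enum fmt_status { FMT_OK, FMT_MIXED, FMT_GAP, FMT_BAD };
struct st { unsigned char seen[MAX_ARGS + 1]; int numbered, plain, max, bad; };

/* Read "N$" at *p; return N and advance, or return 0 and leave *p untouched. */
static int take_pos(const char **p) {
    const char *q = *p;
    int n = 0;
    while (isdigit((unsigned char)*q) && n < 1000) n = n * 10 + (*q++ - '0');
    if (n == 0 || *q != '$') return 0;
    *p = q + 1;
    return n;
}

/* Record one argument reference; n == 0 means an unnumbered one. */
static void ref(struct st *s, int n) {
    if (n == 0) { s->plain = 1; return; }
    s->numbered = 1;
    if (n > MAX_ARGS) { s->bad = 1; return; }
    s->seen[n] = 1;
    if (n > s->max) s->max = n;
}

/* Skip a width or precision: "*", "*m$", or plain digits. */
static void field(struct st *s, const char **p) {
    if (**p == '*') { (*p)++; ref(s, take_pos(p)); }
    else while (isdigit((unsigned char)**p)) (*p)++;
}

enum fmt_status check_format(const char *f) {
    struct st s = {{0}, 0, 0, 0, 0};
    while ((f = strchr(f, '%')) != NULL) {
        if (*++f == '%') { f++; continue; }       /* %% consumes no argument */
        ref(&s, take_pos(&f));                    /* "%n$" or plain "%" */
        f += strspn(f, "-+ #0'");                 /* flags */
        field(&s, &f);                            /* width */
        if (*f == '.') { f++; field(&s, &f); }    /* precision */
        f += strspn(f, "hlLqjzt");                /* length modifiers */
        if (*f == '\0' || !strchr("diouxXeEfFgGaAcspn", *f)) return FMT_BAD;
        f++;
    }
    if (s.bad) return FMT_BAD;
    if (s.numbered && s.plain) return FMT_MIXED;  /* "but not both" */
    for (int i = 1; i <= s.max; i++) if (!s.seen[i]) return FMT_GAP;
    return FMT_OK;                                /* arguments 1..N all specified */
}

int main(void) { return check_format("%1$s %2$d\n") != FMT_OK; } /* constructed input */
```

FMT_MIXED and FMT_GAP correspond to the two conditions underlined in the quoted text: mixing numbered with unnumbered specifications, and naming the Nth argument without specifying arguments 1 through N-1.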
