Date: Fri, 20 Apr 2001 02:23:11 +0400
From: "D. K."
To: Garrett Wollman, security@FreeBSD.ORG
Subject: Re: FreeBSD grow bug

Garrett Wollman wrote:
>
> < said:
>
> > You are not right
>
> To quote from the Austin Group draft 6:
>
>     The format can contain either numbered argument conversion
>     specifications (that is, "%n$" and "*m$"), or unnumbered
>     argument conversion specifications (that is, % and *), but not
>                                                             ^^^^^^^
>     both. The only exception to this is that %% can be mixed with
>     ^^^^^
>     the "%n$" form. The results of mixing numbered and unnumbered
>     argument specifications in a format string are undefined. When
>     numbered argument specifications are used, specifying the Nth
>                                                 ^^^^^^^^^^^^^^^^^^
>     argument requires that all the leading arguments, from the
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     first to the (N-1)th, are specified in the format string.
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The exact same language, spread out over several paragraphs, appears
> in the Single UNIX Spec version 2.
>
> -GAWollman

In any case the result should not generate a core dump on FreeBSD in my examples.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The error is present on FreeBSD 4.2-RELEASE.
See the answer from Robert Simmons.

About the first example:
I can call func(char *fmt, ...) with many parameters and not use all of them.
Such as: printf("%d\n", 1, 2, 3, 4, 5, 6, 7);
The compiler takes care of restoring the stack.
In my examples there are no unaccessed elements.

About the second example:
I have mixed them accurately. The compiler knows which unit to access.

In any case on _FreeBSD_ these examples must work.

Best Regards,
Dmitry Kopteloff
---
LG Soft Lab.
Information Security Group, RUSSIA
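
The rule quoted above from the Austin Group draft can be checked mechanically before a format string ever reaches printf(). The following is an added example, not part of the original message or of FreeBSD's libc: a small C checker that flags mixed numbered/unnumbered specifications and skipped leading arguments. The names check_format, read_pos, read_star and MAX_ARGS, the return codes, and the flag and length-modifier sets are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>

enum { FMT_OK, FMT_MIXED, FMT_GAP, FMT_UNSUPPORTED };
#define MAX_ARGS 64 /* assumed upper bound for this example */

/* If *p points at "n$", consume it and return n; otherwise return 0. */
static int read_pos(const char **p) {
    const char *s = *p;
    int n = 0;
    for (; isdigit((unsigned char)*s); s++)
        if (n <= MAX_ARGS) n = n * 10 + (*s - '0'); /* saturate, no overflow */
    if (n == 0 || *s != '$') return 0;
    *p = s + 1;
    return n;
}

/* Consume "*" or "*m$" (recording the reference) or a literal digit run. */
static void read_star(const char **p, int *pos, int *n) {
    if (**p == '*') { (*p)++; pos[(*n)++] = read_pos(p); }
    else while (isdigit((unsigned char)**p)) (*p)++;
}

/* Apply the quoted rule to fmt: no mixing of forms, no skipped arguments. */
int check_format(const char *fmt) {
    unsigned char seen[MAX_ARGS + 1] = {0};
    int numbered = 0, plain = 0, max = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || *++p == '%') continue; /* literal text or "%%" */
        int pos[3], n = 0;
        pos[n++] = read_pos(&p);                /* the value being converted */
        p += strspn(p, "-+ #0'");               /* flags */
        read_star(&p, pos, &n);                 /* field width */
        if (*p == '.') { p++; read_star(&p, pos, &n); } /* precision */
        p += strspn(p, "hlqjztL");              /* length modifiers */
        if (*p == '\0') break;                  /* truncated specification */
        for (int i = 0; i < n; i++) {
            if (pos[i] > MAX_ARGS) return FMT_UNSUPPORTED;
            if (pos[i] == 0) { plain = 1; continue; }
            numbered = seen[pos[i]] = 1;
            if (pos[i] > max) max = pos[i];
        }
    }
    if (numbered && plain) return FMT_MIXED;    /* "%n$" mixed with "%" or "*" */
    for (int i = 1; i <= max; i++)
        if (!seen[i]) return FMT_GAP;           /* an argument before N is skipped */
    return FMT_OK;
}
```

Call check_format() on any format string that is not a compile-time literal and reject everything other than FMT_OK; the format strings in the test are constructed samples, not the ones from this thread.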