This is the mail archive of the
ecos-patches@sourceware.org
mailing list for the eCos project.
[Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- From: bugzilla-daemon at bugs dot ecos dot sourceware dot org
- To: ecos-patches at ecos dot sourceware dot org
- Date: Thu, 9 Aug 2012 08:50:02 +0100
- Subject: [Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- Auto-submitted: auto-generated
- References: <bug-1001490-104@http.bugs.ecos.sourceware.org/>
Please do not reply to this email. Use the web interface provided at:
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001490
--- Comment #6 from Bernd Edlinger <bernd.edlinger@hotmail.de> 2012-08-09 08:49:57 BST ---
(In reply to comment #5)
> It's okay for ("%.18f\n", 3.14e-11)
> 0.000000000031400000
but not quite OK for these:
("%.18f\n", 3.1415926E-11)
eCos: "0.000000000031400000"
glib: "0.000000000031415926"
("%.18f\n", DBL_MAX*2)
eCos: "inf000"
glib: "inf"
> But the padding/zeroing will be wrong for %e, %E, when requested prec >
> MAXPREC.
but also for %g: this does work like %e, when the value is >=10^prec or <=10^-4
> Well, it looks like my fix (Suzuki did talk about the same point which I
> found in GDB), but my workaround was
> if (prec > MAXFRACT) {
> if ((ch == 'f' && ch == 'F') || (flags&ALT)) {
> fpprec = prec - MAXFRACT;
> prec = MAXFRACT;
> }
> } else if (prec == -1)
ok, but with this patch there will be a crash in printf("%.999e", x)
limiting prec MAXFRACT helps to avoid the buffer overrun in "cvt"
however with DBL_MAX the buffer size BUF 2 characters too small as I said.
I tried to solve it this way:
diff -Nur
ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
---
ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
2009-08-20 18:09:18.000000000 +0200
+++ ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
2012-08-07 10:16:48.809576300 +0200
@@ -107,7 +107,7 @@
# define MAXFRACT DBL_DIG
# define MAXEXP DBL_MAX_10_EXP
-# define BUF (MAXEXP+MAXFRACT+1) /* + decimal point */
+# define BUF (MAXEXP+MAXFRACT+3) /* + decimal point + rounding
*/
# define DEFPREC 6
static int
@@ -420,7 +420,7 @@
* zeroes later, so buffer size stays rational.
*/
if (prec > MAXFRACT) {
- if ((ch != 'g' && ch != 'G') || (flags&ALT))
+ if (ch == 'f' || ch == 'F')
fpprec = prec - MAXFRACT;
prec = MAXFRACT;
} else if (prec == -1)
This way there are no buffer overruns, and the added zeros are at least
never in the exponent. That would at least be a interim solution...
But I start to think that the "cvt" function will need a complete re-write
for strict conformance. And another point would be, that when you look at
the vfnprintf function in the assembler (ARM9, eCosCentric GNU tools 4.3.2-sw)
vfnprintf:stmdb r13!,{r4-r11,r14}
sub r13,r13,#0x30C
This function needs 816 bytes on the stack,
even if you do not use any %f formats!
Maybe reducing this number could be worth the effort.
Bernd.
--
Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.