[Bug libc/6530] New: *printf() and incomplete multibyte sequences may cause infinite loops

["madcoder at debian dot org" <sourceware-bugzilla at sourceware dot org>]

With the following testcase, it happens while it shouldn't, according to
the manual:
-----8<-------
#include <stdio.h>
#include <locale.h>

#define STR "²éľÂíɱ²¡¶¾£¬ÖܺèµtÄúµÄ360²»×¨Òµ£¡"

int main(void) {
        char buf[200];
        setlocale(LC_ALL, "");
        printf("%d\n", snprintf(buf, 150, "%.50s", STR));
        return 0;
}
----->8-------

The manual page has this to say:
 About precision:
  An optional precision, in the form of a period (&#8216;.&#8217;)  followed by an
  optional decimal digit string.(...) This gives (...) the maximum
  number of characters to be printed from a string for s and S
  conversions.

 About s:
  If no l modifier is present: The const char * argument is expected to
  be a pointer to an array of character type(...)

  If an l modifier is present: The const wchar_t * argument is expected
  to be a pointer to an array of wide characters.  Wide characters from
  the  array  are converted  to  multibyte  characters (...)

There is no "l" modifier, but still, the string goes through the
multibyte conversion code, and fails because the string is invalid
multibyte.

Note, it only works with non UTF-8 locale set in LC_CTYPE or LC_ALL.

This is debian bug http://bugs.debian.org/208308

-- 
           Summary: *printf() and incomplete multibyte sequences may cause
                    infinite loops
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: madcoder at debian dot org
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=6530

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.