possible snprintf() regression in 3.3.2

Takashi Yano takashi.yano@nifty.ne.jp
Tue Nov 23 08:34:09 GMT 2021


On Tue, 23 Nov 2021 10:23:02 +1100
Tony Cook wrote:
> On Mon, Nov 22, 2021 at 02:04:06PM +0100, Corinna Vinschen via Cygwin wrote:
> > On Nov 22 11:34, Corinna Vinschen via Cygwin wrote:
> > > On Nov 21 11:16, Tony Cook wrote:
> > > > On Thu, Nov 18, 2021 at 09:08:40PM +0000, Sam Edge via Cygwin wrote:
> > > > > I use newlib on embedded with threading libs that have predetermined
> > > > > fixed thread stack sizes. While we tend to have more RAM than in former
> > > > > times we also have multiple thread stacks. Use of alloca() or variable
> > > > > length automatic arrays makes me wince especially in code I might not be
> > > > > able to avoid calling which is often the case with XXXprintf() in
> > > > > third-party libraries' debug output. I'd usually rather take the
> > > > > performance hit from using heap instead of having to make all my stacks
> > > > > bigger.
> > > > 
> > > > A simple option would be to use an small auto fixed buffer for most
> > > > conversions, but use malloc() for %f formats for numbers greater in
> > > > magnitude than some limit, though it would also need to be adjusted
> > > > for the precision (ndigits here), since they take extra space.
> > > > 
> > > > This would avoid using the optional-to-implement VLA feature too.
> > > 
> > > Good idea.  I guess I create a simple fix doing just that.
> > 
> > I created a patch:
> > https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=68faeef4be71
> > 
> > Please test the latest developer snapshot from http://cygwin.com/snapshots/
> 
> I don't think this solves the fundamental problem.
> 
> Simply looking at ndigits isn't enough for %f.
> 
> For %f with a large number (like 9e99), the buffer size required is
> ndigits plus (roughly) log10(n), which we can further estimate
> with log2(n)*146/485 (log2(10) is 3.32 ~== 485/146)
> 
> I think something more like:
> 
>   size_t outsize;
>   if (mode == 3) {        /* %f */
>     int expon = (e[NI-1] & 0x7fff) - (EXONE - 1); /* exponent part of float */
>     /* log2(10) approximately 485/146 */
>     outsize = expon * 146 / 485 + ndigits + 10;
>   }
>   else { /* %g/%e */
>     outsize = ndigits + MAX_EXP_DIGITS + 10;
>   }
>   if (outsize > NDEC_SML) {
>     outbuf = (char *)_malloc_r(ptr, outsize);
>   }
> 
> You'll probably need to pass outsize into etoasc() rather than
> calculating it.
> 
> See https://github.com/Perl/perl5/blob/blead/sv.c#L13295 for code in
> perl that calculates the buffer size needed for %f (precis aka ndigits
> is added at line 13385).

I guess Corinna thinks that 'ndigits' keeps the total number
of digits to be printed.

However, in reality, for example in the case:
snprintf(buf, sizeof(buf), "%.3f", 1234567890123456.789);
'ndigits' is only 3 even though total digits will be 20.

So, Tony thinks current code does not correct.

However, I think something is wrong with interpretation
of 'ndigits' in dltoa.c.

printf("%.3f\n", sqrt(2)*1e70);
printf("%.50f\n", sqrt(2)*1e70);

outputs

14142135623730951759073108307330633613786387000000000000000000000000000.000
14142135623730951759073108307330633613786386978891021459448717416650727.13402790000888758223149296720949629080194006476078

Is this as intended?

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>


More information about the Cygwin mailing list