This is the mail archive of the
ecos-patches@sourceware.org
mailing list for the eCos project.
[Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- From: bugzilla-daemon at bugs dot ecos dot sourceware dot org
- To: ecos-patches at ecos dot sourceware dot org
- Date: Thu, 9 Aug 2012 09:52:09 +0100
- Subject: [Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
- Auto-submitted: auto-generated
- References: <bug-1001490-104@http.bugs.ecos.sourceware.org/>
Please do not reply to this email. Use the web interface provided at:
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001490
--- Comment #7 from Sergei Gavrikov <sergei.gavrikov@gmail.com> 2012-08-09 09:52:06 BST ---
(In reply to comment #6)
> (In reply to comment #5)
> > It's okay for ("%.18f\n", 3.14e-11)
> > 0.000000000031400000
>
> but not quite OK for these:
> ("%.18f\n", 3.1415926E-11)
> eCos: "0.000000000031400000"
> glib: "0.000000000031415926"
>
> ("%.18f\n", DBL_MAX*2)
> eCos: "inf000"
> glib: "inf"
>
>
> > But the padding/zeroing will be wrong for %e, %E, when requested prec >
> > MAXPREC.
>
> but also for %g: this does work like %e, when the value is >=10^prec or <=10^-4
>
> > Well, it looks like my fix (Suzuki did talk about the same point which I
> > found in GDB), but my workaround was
> > if (prec > MAXFRACT) {
> > if ((ch == 'f' && ch == 'F') || (flags&ALT)) {
> > fpprec = prec - MAXFRACT;
> > prec = MAXFRACT;
> > }
> > } else if (prec == -1)
>
> ok, but with this patch there will be a crash in printf("%.999e", x)
You're right. I had not tested it enough.
> limiting prec MAXFRACT helps to avoid the buffer overrun in "cvt"
> however with DBL_MAX the buffer size BUF 2 characters too small as I said.
>
> I tried to solve it this way:
>
> diff -Nur
> ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> ---
> ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> 2009-08-20 18:09:18.000000000 +0200
> +++ ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> 2012-08-07 10:16:48.809576300 +0200
> @@ -107,7 +107,7 @@
> # define MAXFRACT DBL_DIG
> # define MAXEXP DBL_MAX_10_EXP
>
> -# define BUF (MAXEXP+MAXFRACT+1) /* + decimal point */
> +# define BUF (MAXEXP+MAXFRACT+3) /* + decimal point + rounding
> */
> # define DEFPREC 6
>
> static int
> @@ -420,7 +420,7 @@
> * zeroes later, so buffer size stays rational.
> */
> if (prec > MAXFRACT) {
> - if ((ch != 'g' && ch != 'G') || (flags&ALT))
> + if (ch == 'f' || ch == 'F')
> fpprec = prec - MAXFRACT;
> prec = MAXFRACT;
> } else if (prec == -1)
>
>
> This way there are no buffer overruns, and the added zeros are at least
> never in the exponent. That would at least be a interim solution...
Yes, as for me it's better than nothing. BTW, tonight I found a few points on
+3. E.g.
http://sources.redhat.com/ml/newlib/2003/msg00610.html
http://svn.deepdarc.com/code/contiki/trunk/cpu/stm32w108/hal/micro/cortexm3/e_stdio/src/small_vfsscanf.c
> But I start to think that the "cvt" function will need a complete re-write
> for strict conformance. And another point would be, that when you look at
> the vfnprintf function in the assembler (ARM9, eCosCentric GNU tools 4.3.2-sw)
>
> vfnprintf:stmdb r13!,{r4-r11,r14}
> sub r13,r13,#0x30C
>
> This function needs 816 bytes on the stack,
> even if you do not use any %f formats!
>
> Maybe reducing this number could be worth the effort.
Even if CYGSEM_LIBC_STDIO_PRINTF_FLOATING_POINT is not defined?
Bernd, could you, please, prepare the patch on 0-padding with ChangeLog
entry? It seems to me the patch can be submitted for bug #20804
record.
Thank you,
Sergei
--
Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.