This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/7075] sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)
- From: "mtk dot manpages at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 19 Dec 2008 16:57:41 -0000
- Subject: [Bug libc/7075] sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)
- References: <20081207174225.7075.kees@outflux.net>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From mtk dot manpages at gmail dot com 2008-12-19 16:57 -------
(In reply to comment #6)
> I have submitted a patch for linux-manpages:
> http://thread.gmane.org/gmane.linux.man/639
I've applied the following patch for man-pages-3.16.
--- a/man3/printf.3
+++ b/man3/printf.3
@@ -133,6 +133,17 @@ string that specifies how subsequent arguments (or
arguments accessed via
the variable-length argument facilities of
.BR stdarg (3))
are converted for output.
+
+C99 and POSIX.1-2001 specify that the results are undefined if a call to
+.BR sprintf (),
+.BR snprintf (),
+.BR vsprintf (),
+or
+.BR vsnprintf ()
+would cause to copying to take place between objects that overlap
+(e.g., if the target string array and one of the supplied input arguments
+refer to the same buffer).
+See NOTES.
.SS "Return value"
Upon successful return, these functions return the number of characters
printed (not including the
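Review bot: The added sentence "would cause to copying to take place between objects that overlap" has a stray "to" and should read "would cause copying to take place between objects that overlap". The hunk also starts the new paragraph with an empty added line before "C99 and POSIX.1-2001 specify"; a paragraph macro such as .PP would make the break explicit rather than relying on a blank line in the roff source.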
@@ -851,6 +862,26 @@ and conversion characters \fBa\fP and \fBA\fP.
glibc 2.2 adds the conversion character \fBF\fP with C99 semantics,
and the flag character \fBI\fP.
.SH NOTES
+Some programs imprudently rely on code such as the following
+
+ sprintf(buf, "%s some further text", buf);
+
+to append text to
+.IR buf .
+However, the standards explicitly note that the results are undefined
+if source and destination buffers overlap when calling
+.BR sprintf (),
+.BR snprintf (),
+.BR vsprintf (),
+and
+.BR vsnprintf ().
+.\" http://sourceware.org/bugzilla/show_bug.cgi?id=7075
+Depending on the version of
+.BR gcc (1)
+used, and the compiler options employed, calls such as the above will
+.B not
+produce the expected results.
+
The glibc implementation of the functions
.BR snprintf ()
and
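Review bot: The last added sentence of the NOTES paragraph opens with the condition "Depending on the version of gcc(1) used, and the compiler options employed" but then states flatly, with .B emphasis, that such calls "will not produce the expected results"; "may not" would agree with the conditional and with the "results are undefined" wording just above it. The paragraph would also help readers more if it named the options from the bug report referenced in the comment line (-O2 -D_FORTIFY_SOURCE=2, per the bug title) and showed a replacement for the append idiom, for example writing at buf + strlen(buf) with snprintf() and the remaining size, since the text says the pattern is wrong without saying what to use instead.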
--
http://sourceware.org/bugzilla/show_bug.cgi?id=7075