This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
I don't see how anyone can pass stdio-common/tfformat. The test which causes the problem is

    {__LINE__, 16, "0x1.0p+4", "%.1a"}

In sysdeps/generic/printf_fphex.c around line 301, there are

    /* Fill with zeroes. */
    while (wnumstr > wnumbuf + (sizeof wnumbuf - 52 / 4))
      {
        *--wnumstr = L'0';
        *--numstr = '0';
      }

I cannot figure out what it is trying to do. In that case, after

    wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf, 16, info->spec == 'A');

    size of wnumbuf is 128
    wnumstr is (wchar_t *) 0xbfffed1c
    wnumbuf is (wchar_t *) 0xbfffeb20
    wnumstr is &wnumbuf[127]

    *--wnumstr = L'0';

will overwrite some memory on stack, which leads to the problem.

H.J.
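Added example, not part of the original message or of glibc: the figures quoted above (sizeof 128, addresses 0x1fc bytes apart, `&wnumbuf[127]`) are replayed here with index arithmetic only, comparing a byte count used as a `wchar_t` pointer offset against an element count. It assumes a 32-element buffer and a 4-byte `wchar_t`, both inferred from those figures; `replay_fill` and the other names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define ELEMS       32u       /* assumed: wchar_t wnumbuf[32], so sizeof is 128 */
#define WCHAR_SIZE  4u        /* assumed: 4-byte wchar_t, matching the addresses */
#define MANT_DIGITS (52 / 4)  /* the "52 / 4" term from the quoted loop bound */

struct fill_report {
    size_t start_index;   /* element index where the digits begin after the fill */
    size_t end_index;     /* element index the "end of buffer" expression yields */
    size_t writes_oob;    /* stores landing outside wnumbuf[0..ELEMS-1] */
};

/* Replay the conversion plus zero-fill with indices only, so no store is
   really made. end_index is the offset added to wnumbuf, in elements;
   ndigits is how many digits the conversion step stores below it. */
static struct fill_report replay_fill(size_t end_index, size_t ndigits)
{
    struct fill_report r = { 0, end_index, 0 };
    size_t idx = end_index;
    size_t stop = end_index - MANT_DIGITS;    /* bound used by the while() */

    for (size_t i = 0; i < ndigits; i++)      /* digits from the conversion */
        if (--idx >= ELEMS) r.writes_oob++;
    while (idx > stop)                        /* "Fill with zeroes." */
        if (--idx >= ELEMS) r.writes_oob++;
    r.start_index = idx;
    return r;
}

/* Offset as quoted: a byte count added to a wchar_t pointer. */
static struct fill_report byte_count_end(void)
{
    return replay_fill(ELEMS * WCHAR_SIZE, 1);
}

/* Offset scaled to elements: sizeof buf / sizeof buf[0]. */
static struct fill_report element_count_end(void)
{
    return replay_fill(ELEMS * WCHAR_SIZE / WCHAR_SIZE, 1);
}

int main(void)
{
    struct fill_report a = byte_count_end(), b = element_count_end();
    printf("byte count:    end=%zu start=%zu oob=%zu\n", a.end_index, a.start_index, a.writes_oob);
    printf("element count: end=%zu start=%zu oob=%zu\n", b.end_index, b.start_index, b.writes_oob);
    return 0;
}
```

With the byte count as the offset, the single converted digit lands at index 127 as reported in the message, and every store in the replay falls past the 32-element array.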