This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Testsuite hosted :-(

To: aj at suse dot de, Ulrich Drepper <drepper at cygnus dot com>
Subject: Re: Testsuite hosted :-(
From: "H . J . Lu" <hjl at lucon dot org>
Date: Mon, 31 Jul 2000 19:49:51 -0700
Cc: GNU C Library <libc-hacker at sourceware dot cygnus dot com>
References: <20000731193605.A21749@lucon.org>

On Mon, Jul 31, 2000 at 07:36:05PM -0700, H . J . Lu wrote:
> I don't see how anyone can pass stdio-common/tfformat. The test which
> causes the problem is 
> 
> 	{__LINE__, 16,                        "0x1.0p+4", "%.1a"}
> 
> 
> In sysdeps/generic/printf_fphex.c around line 301, there are
> 
>       /* Fill with zeroes.  */
>       while (wnumstr > wnumbuf + (sizeof wnumbuf - 52 / 4))
>         {
>           *--wnumstr = L'0'; 
>           *--numstr = '0';
>         }
> 
> I cannot figure out what it is trying to do. In that case, after
> 
>           wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf, 16,
>                             info->spec == 'A');
> 
> size of wnumbuf is 128
> wnumstr is (wchar_t *) 0xbfffed1c
> wnumbuf is (wchar_t *) 0xbfffeb20
> wnumstr is &wnumbuf[127]
> 
>           *--wnumstr = L'0'; 
> 
> will overwrite some memory on stack, which leads to the problem.
> 
> 

Does this patch make any senses?


H.J.
---
2000-07-31  H.J. Lu  <hjl@gnu.org>

	* sysdeps/generic/printf_fphex.c (__printf_fphex): Correctly
	handle the wchar_t array.

Index: sysdeps/generic/printf_fphex.c
===================================================================
RCS file: /work/cvs/gnu/glibc/sysdeps/generic/printf_fphex.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 printf_fphex.c
--- sysdeps/generic/printf_fphex.c	2000/05/21 21:11:33	1.1.1.1
+++ sysdeps/generic/printf_fphex.c	2000/08/01 02:47:17
@@ -284,21 +284,21 @@ __printf_fphex (FILE *fp,
 
       if (sizeof (unsigned long int) > 6)
 	{
-	  wnumstr = _itowa_word (num, wnumbuf + sizeof wnumbuf, 16,
+	  wnumstr = _itowa_word (num, wnumbuf + (sizeof wnumbuf) / sizeof (wchar_t), 16,
 				 info->spec == 'A');
 	  numstr = _itoa_word (num, numbuf + sizeof numbuf, 16,
 			       info->spec == 'A');
 	}
       else
 	{
-	  wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf, 16,
+	  wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf / sizeof (wchar_t), 16,
 			    info->spec == 'A');
 	  numstr = _itoa (num, numbuf + sizeof numbuf, 16,
 			  info->spec == 'A');
 	}
 
       /* Fill with zeroes.  */
-      while (wnumstr > wnumbuf + (sizeof wnumbuf - 52 / 4))
+      while (wnumstr > wnumbuf + (sizeof wnumbuf - 52) / sizeof (wchar_t))
 	{
 	  *--wnumstr = L'0';
 	  *--numstr = '0';

Follow-Ups:
- Re: Testsuite hosted :-(
  - From: Ulrich Drepper

References:
- Re: Testsuite hosted :-(
  - From: H . J . Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]