This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
On Mon, Jul 31, 2000 at 07:36:05PM -0700, H . J . Lu wrote: > I don't see how anyone can pass stdio-common/tfformat. The test which > causes the problem is > > {__LINE__, 16, "0x1.0p+4", "%.1a"} > > > In sysdeps/generic/printf_fphex.c around line 301, there are > > /* Fill with zeroes. */ > while (wnumstr > wnumbuf + (sizeof wnumbuf - 52 / 4)) > { > *--wnumstr = L'0'; > *--numstr = '0'; > } > > I cannot figure out what it is trying to do. In that case, after > > wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf, 16, > info->spec == 'A'); > > size of wnumbuf is 128 > wnumstr is (wchar_t *) 0xbfffed1c > wnumbuf is (wchar_t *) 0xbfffeb20 > wnumstr is &wnumbuf[127] > > *--wnumstr = L'0'; > > will overwrite some memory on stack, which leads to the problem. > > Does this patch make any senses? H.J. --- 2000-07-31 H.J. Lu <hjl@gnu.org> * sysdeps/generic/printf_fphex.c (__printf_fphex): Correctly handle the wchar_t array. Index: sysdeps/generic/printf_fphex.c =================================================================== RCS file: /work/cvs/gnu/glibc/sysdeps/generic/printf_fphex.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 printf_fphex.c --- sysdeps/generic/printf_fphex.c 2000/05/21 21:11:33 1.1.1.1 +++ sysdeps/generic/printf_fphex.c 2000/08/01 02:47:17 @@ -284,21 +284,21 @@ __printf_fphex (FILE *fp, if (sizeof (unsigned long int) > 6) { - wnumstr = _itowa_word (num, wnumbuf + sizeof wnumbuf, 16, + wnumstr = _itowa_word (num, wnumbuf + (sizeof wnumbuf) / sizeof (wchar_t), 16, info->spec == 'A'); numstr = _itoa_word (num, numbuf + sizeof numbuf, 16, info->spec == 'A'); } else { - wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf, 16, + wnumstr = _itowa (num, wnumbuf + sizeof wnumbuf / sizeof (wchar_t), 16, info->spec == 'A'); numstr = _itoa (num, numbuf + sizeof numbuf, 16, info->spec == 'A'); } /* Fill with zeroes. */ - while (wnumstr > wnumbuf + (sizeof wnumbuf - 52 / 4)) + while (wnumstr > wnumbuf + (sizeof wnumbuf - 52) / sizeof (wchar_t)) { *--wnumstr = L'0'; *--numstr = '0';
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |