This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Memory leak in vsnprintf


Delightful -- thanks.

Jeff Johnston wrote:

Yes, there was a problem. What was happening is that a fake file is made for the string I/O functions and the buffer is set to the input string pointer. Later on, a macro checking for writability was noticing the buffer was NULL and was calling a function that allocated a new buffer. We don't want to do this for string I/O functions (excepting asprintf family).

I have just checked in a patch to libc/stdio/wsetup.c.

-- Jeff J.

Paul Mattes wrote:

I believe I have found a memory leak in the newlib version of vsnprintf(). If it is called with a NULL 'str' parameter and a 0 'length', it leaks a BUFSIZ-sized buffer. (Per C99 and SUSv3, calling vsnprintf() with a NULL 'str' and 0 'length' is a way to find out how big the formatted string would be without actually storing it anywhere.)

Here is an example program:

  #include <stdio.h>
  #include <stdarg.h>

  int
  waste_it(char *fmt, ...)
  {
          int ns;
          va_list a;

          va_start(a, fmt);
          ns = vsnprintf(NULL, 0, fmt, a);
          va_end(a);
          return ns;
  }

  main(int argc, char *argv[])
  {
          int i;
          int n;

          for (i = 0; i < 10000; i++) {
                  n += waste_it("%s foo %d", "hello", 49);
          }
  }

This program will consume quite a lot of memory on Cygwin, which is where it was first reported to me.





--
       pdm


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]