public inbox for ecos-bugs@sourceware.org help / color / mirror / Atom feed
From: bugzilla-daemon@bugs.ecos.sourceware.org To: unassigned@bugs.ecos.sourceware.org Subject: [Bug 1001490] C99 snprintf() does not include terminated null in truncated strings Date: Thu, 09 Aug 2012 08:52:00 -0000 [thread overview] Message-ID: <20120809085209.7AB7E2F78009@mail.ecoscentric.com> (raw) In-Reply-To: <bug-1001490-777@http.bugs.ecos.sourceware.org/> Please do not reply to this email. Use the web interface provided at: http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001490 --- Comment #7 from Sergei Gavrikov <sergei.gavrikov@gmail.com> 2012-08-09 09:52:06 BST --- (In reply to comment #6) > (In reply to comment #5) > > It's okay for ("%.18f\n", 3.14e-11) > > 0.000000000031400000 > > but not quite OK for these: > ("%.18f\n", 3.1415926E-11) > eCos: "0.000000000031400000" > glib: "0.000000000031415926" > > ("%.18f\n", DBL_MAX*2) > eCos: "inf000" > glib: "inf" > > > > But the padding/zeroing will be wrong for %e, %E, when requested prec > > > MAXPREC. > > but also for %g: this does work like %e, when the value is >=10^prec or <=10^-4 > > > Well, it looks like my fix (Suzuki did talk about the same point which I > > found in GDB), but my workaround was > > if (prec > MAXFRACT) { > > if ((ch == 'f' && ch == 'F') || (flags&ALT)) { > > fpprec = prec - MAXFRACT; > > prec = MAXFRACT; > > } > > } else if (prec == -1) > > ok, but with this patch there will be a crash in printf("%.999e", x) You're right. I had not tested it enough. > limiting prec MAXFRACT helps to avoid the buffer overrun in "cvt" > however with DBL_MAX the buffer size BUF 2 characters too small as I said. > > I tried to solve it this way: > > diff -Nur > ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx > ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx > --- > ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx > 2009-08-20 18:09:18.000000000 +0200 > +++ ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx > 2012-08-07 10:16:48.809576300 +0200 > @@ -107,7 +107,7 @@ > # define MAXFRACT DBL_DIG > # define MAXEXP DBL_MAX_10_EXP > > -# define BUF (MAXEXP+MAXFRACT+1) /* + decimal point */ > +# define BUF (MAXEXP+MAXFRACT+3) /* + decimal point + rounding > */ > # define DEFPREC 6 > > static int > @@ -420,7 +420,7 @@ > * zeroes later, so buffer size stays rational. > */ > if (prec > MAXFRACT) { > - if ((ch != 'g' && ch != 'G') || (flags&ALT)) > + if (ch == 'f' || ch == 'F') > fpprec = prec - MAXFRACT; > prec = MAXFRACT; > } else if (prec == -1) > > > This way there are no buffer overruns, and the added zeros are at least > never in the exponent. That would at least be a interim solution... Yes, as for me it's better than nothing. BTW, tonight I found a few points on +3. E.g. http://sources.redhat.com/ml/newlib/2003/msg00610.html http://svn.deepdarc.com/code/contiki/trunk/cpu/stm32w108/hal/micro/cortexm3/e_stdio/src/small_vfsscanf.c > But I start to think that the "cvt" function will need a complete re-write > for strict conformance. And another point would be, that when you look at > the vfnprintf function in the assembler (ARM9, eCosCentric GNU tools 4.3.2-sw) > > vfnprintf:stmdb r13!,{r4-r11,r14} > sub r13,r13,#0x30C > > This function needs 816 bytes on the stack, > even if you do not use any %f formats! > > Maybe reducing this number could be worth the effort. Even if CYGSEM_LIBC_STDIO_PRINTF_FLOATING_POINT is not defined? Bernd, could you, please, prepare the patch on 0-padding with ChangeLog entry? It seems to me the patch can be submitted for bug #20804 record. Thank you, Sergei -- Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
next prev parent reply other threads:[~2012-08-09 8:52 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-02-19 13:11 [Bug 1001490] New: " bugzilla-daemon 2012-06-27 18:37 ` [Bug 1001490] " bugzilla-daemon 2012-08-07 10:06 ` bugzilla-daemon 2012-08-07 16:44 ` bugzilla-daemon 2012-08-08 7:31 ` bugzilla-daemon 2012-08-08 16:58 ` bugzilla-daemon 2012-08-09 7:50 ` bugzilla-daemon 2012-08-09 8:52 ` bugzilla-daemon [this message] 2012-08-09 10:00 ` bugzilla-daemon 2012-08-09 10:52 ` bugzilla-daemon 2012-08-09 11:04 ` bugzilla-daemon 2013-02-18 22:00 ` bugzilla-daemon 2013-02-19 10:40 ` bugzilla-daemon 2013-02-19 13:58 ` bugzilla-daemon
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20120809085209.7AB7E2F78009@mail.ecoscentric.com \ --to=bugzilla-daemon@bugs.ecos.sourceware.org \ --cc=unassigned@bugs.ecos.sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).