From: bugzilla-daemon@bugs.ecos.sourceware.org
To: ecos-patches@ecos.sourceware.org
Subject: [Bug 1001490] C99 snprintf() does not include terminated null in truncated strings
Date: Thu, 09 Aug 2012 08:52:00 -0000 [thread overview]
Message-ID: <20120809085209.39C9B2F78005@mail.ecoscentric.com> (raw)
In-Reply-To: <bug-1001490-104@http.bugs.ecos.sourceware.org/>
Please do not reply to this email. Use the web interface provided at:
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001490
--- Comment #7 from Sergei Gavrikov <sergei.gavrikov@gmail.com> 2012-08-09 09:52:06 BST ---
(In reply to comment #6)
> (In reply to comment #5)
> > It's okay for ("%.18f\n", 3.14e-11)
> > 0.000000000031400000
>
> but not quite OK for these:
> ("%.18f\n", 3.1415926E-11)
> eCos: "0.000000000031400000"
> glib: "0.000000000031415926"
>
> ("%.18f\n", DBL_MAX*2)
> eCos: "inf000"
> glib: "inf"
>
>
> > But the padding/zeroing will be wrong for %e, %E, when requested prec >
> > MAXPREC.
>
> but also for %g: this does work like %e, when the value is >=10^prec or <=10^-4
>
> > Well, it looks like my fix (Suzuki did talk about the same point which I
> > found in GDB), but my workaround was
> > if (prec > MAXFRACT) {
> > if ((ch == 'f' && ch == 'F') || (flags&ALT)) {
> > fpprec = prec - MAXFRACT;
> > prec = MAXFRACT;
> > }
> > } else if (prec == -1)
>
> ok, but with this patch there will be a crash in printf("%.999e", x)
You're right. I had not tested it enough.
> limiting prec MAXFRACT helps to avoid the buffer overrun in "cvt"
> however with DBL_MAX the buffer size BUF 2 characters too small as I said.
>
> I tried to solve it this way:
>
> diff -Nur
> ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> ---
> ecos-cvs-120723/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> 2009-08-20 18:09:18.000000000 +0200
> +++ ecos/packages/language/c/libc/stdio/current/src/output/vfnprintf.cxx
> 2012-08-07 10:16:48.809576300 +0200
> @@ -107,7 +107,7 @@
> # define MAXFRACT DBL_DIG
> # define MAXEXP DBL_MAX_10_EXP
>
> -# define BUF (MAXEXP+MAXFRACT+1) /* + decimal point */
> +# define BUF (MAXEXP+MAXFRACT+3) /* + decimal point + rounding
> */
> # define DEFPREC 6
>
> static int
> @@ -420,7 +420,7 @@
> * zeroes later, so buffer size stays rational.
> */
> if (prec > MAXFRACT) {
> - if ((ch != 'g' && ch != 'G') || (flags&ALT))
> + if (ch == 'f' || ch == 'F')
> fpprec = prec - MAXFRACT;
> prec = MAXFRACT;
> } else if (prec == -1)
>
>
> This way there are no buffer overruns, and the added zeros are at least
> never in the exponent. That would at least be a interim solution...
Yes, as for me it's better than nothing. BTW, tonight I found a few points on
+3. E.g.
http://sources.redhat.com/ml/newlib/2003/msg00610.html
http://svn.deepdarc.com/code/contiki/trunk/cpu/stm32w108/hal/micro/cortexm3/e_stdio/src/small_vfsscanf.c
> But I start to think that the "cvt" function will need a complete re-write
> for strict conformance. And another point would be, that when you look at
> the vfnprintf function in the assembler (ARM9, eCosCentric GNU tools 4.3.2-sw)
>
> vfnprintf:stmdb r13!,{r4-r11,r14}
> sub r13,r13,#0x30C
>
> This function needs 816 bytes on the stack,
> even if you do not use any %f formats!
>
> Maybe reducing this number could be worth the effort.
Even if CYGSEM_LIBC_STDIO_PRINTF_FLOATING_POINT is not defined?
Bernd, could you, please, prepare the patch on 0-padding with ChangeLog
entry? It seems to me the patch can be submitted for bug #20804
record.
Thank you,
Sergei
--
Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
next prev parent reply other threads:[~2012-08-09 8:52 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-19 13:11 [Bug 1001490] New: " bugzilla-daemon
2012-06-27 18:37 ` [Bug 1001490] " bugzilla-daemon
2012-08-07 10:06 ` bugzilla-daemon
2012-08-07 16:44 ` bugzilla-daemon
2012-08-08 7:31 ` bugzilla-daemon
2012-08-08 16:58 ` bugzilla-daemon
2012-08-09 7:50 ` bugzilla-daemon
2012-08-09 8:52 ` bugzilla-daemon [this message]
2012-08-09 10:00 ` bugzilla-daemon
2012-08-09 10:52 ` bugzilla-daemon
2012-08-09 11:04 ` bugzilla-daemon
2013-02-18 22:00 ` bugzilla-daemon
2013-02-19 10:40 ` bugzilla-daemon
2013-02-19 13:58 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120809085209.39C9B2F78005@mail.ecoscentric.com \
--to=bugzilla-daemon@bugs.ecos.sourceware.org \
--cc=ecos-patches@ecos.sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).