From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-222882-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 5181 invoked by alias); 30 Jun 2007 00:32:26 -0000
Received: (qmail 5140 invoked by uid 48); 30 Jun 2007 00:32:17 -0000
Date: Sat, 30 Jun 2007 00:32:00 -0000
Message-ID: <20070630003217.5139.qmail@sourceware.org>
X-Bugzilla-Reason: CC
References: <bug-32554-6318@http.gcc.gnu.org/bugzilla/>
Subject: [Bug fortran/32554] [4.3 regression] Bug in P formatting
In-Reply-To: <bug-32554-6318@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "kargl at gcc dot gnu dot org" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2007-06/txt/msg02860.txt.bz2



------- Comment #4 from kargl at gcc dot gnu dot org  2007-06-30 00:32 -------
(In reply to comment #3)
> This appears to fix it but I am not sure yet.  More testing.
> 
>     */
>  #ifdef HAVE_SNPRINTF
> -  snprintf (buffer, sizeof (buffer), "%+-#" STR(MIN_FIELD_WIDTH) ".*"
> +  snprintf (buffer, sizeof (buffer)+1, "%+-#" STR(MIN_FIELD_WIDTH) ".*"
>            GFC_REAL_LARGEST_FORMAT "e", ndigits - 1, value);

Are you sure?  That looks like a buffer overflow.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32554