From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 9726 invoked by alias); 7 Dec 2008 17:43:48 -0000
Received: (qmail 9562 invoked by uid 48); 7 Dec 2008 17:42:26 -0000
Date: Sun, 07 Dec 2008 17:43:00 -0000
From: "kees at outflux dot net"
To: glibc-bugs@sources.redhat.com
Message-ID: <20081207174225.7075.kees@outflux.net>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug libc/7075] New: sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)
X-Bugzilla-Reason: CC
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2008-12/txt/msg00037.txt.bz2

Anders Kaseorg noticed that the use of _FORTIFY_SOURCE breaks a specific use of
sprintf (see attached):

  $ gcc -O0 -o foo foo.c && ./foo
  not fail
  $ gcc -O2 -o foo foo.c && ./foo
  not fail
  $ gcc -O2 -D_FORTIFY_SOURCE=2 -o foo foo.c && ./foo
  fail

The original report was filed in Ubuntu, where -D_FORTIFY_SOURCE=2 is enabled
by default: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/305901

C99 states:

  The sprintf function is equivalent to fprintf, except that the output is
  written into an array (specified by the argument s) rather than to a
  stream. A null character is written at the end of the characters written;
  it is not counted as part of the returned value. If copying takes place
  between objects that overlap, the behavior is undefined.

The man page does not mention this limitation, and prior to the use of
__sprintf_chk, this style of call worked as expected. As such, a large
volume of source code uses this style of call:
http://web.mit.edu/andersk/Public/sprintf-results

It seems that it would make sense to fix __sprintf_chk, or very loudly mention
the C99-described overlap-is-undefined behavior in sprintf documentation.

-- 
           Summary: sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)
           Product: glibc
           Version: 2.8
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: kees at outflux dot net
                CC: glibc-bugs at sources dot redhat dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=7075
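
Added example, not part of the original report and not glibc code: one way to append to a buffer so that the destination never overlaps the text being formatted, which keeps the call within the C99 wording quoted above whether or not _FORTIFY_SOURCE is enabled. The helper name buf_appendf and the sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a glibc function: append formatted text to the
 * NUL-terminated string already in buf. The destination handed to
 * vsnprintf() is the unused tail of buf, so it never overlaps the text
 * that is already there. Variadic arguments must not point into buf.
 * Returns 0 on success; -1 if buf has no terminator within size or the
 * result would not fit, in which case the old contents are kept. */
int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;

    size_t len = (size_t)(end - buf);
    size_t room = size - len;          /* includes space for the terminator */

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + len, room, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= room) {
        buf[len] = '\0';               /* undo the truncated partial write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[16] = "not ";             /* constructed sample value */

    /* Undefined per the C99 text quoted in the report:
     *     sprintf(buf, "%sfail", buf);
     * Defined replacement: */
    if (buf_appendf(buf, sizeof buf, "%s", "fail") != 0)
        return 1;
    puts(buf);
    return 0;
}
```

A call that places the old contents anywhere other than the start of the output (for example a prepend) still needs a separate temporary buffer, because the source text would be overwritten while it is being read.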