* [Bug libc/7075] sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)
2008-12-07 17:43 [Bug libc/7075] New: sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?) kees at outflux dot net
@ 2008-12-07 17:44 ` kees at outflux dot net
2008-12-07 17:52 ` schwab at suse dot de
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: kees at outflux dot net @ 2008-12-07 17:44 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2008-12-07 17:42 -------
Created an attachment (id=3095)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=3095&action=view)
test case
--
http://sourceware.org/bugzilla/show_bug.cgi?id=7075
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
From: schwab at suse dot de @ 2008-12-07 17:52 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From schwab at suse dot de 2008-12-07 17:49 -------
sprintf(buf, "%sfoo", buf) is UNDEFINED.
--
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |          |INVALID
From: kees at outflux dot net @ 2008-12-07 18:36 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2008-12-07 18:33 -------
Thanks for the clarification. However, I think it is still a bug that the
limitation is not mentioned in the manpage.
--
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |INVALID   |
From: schwab at suse dot de @ 2008-12-07 19:08 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From schwab at suse dot de 2008-12-07 19:05 -------
Then contact whoever wrote it.
--
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |          |INVALID
From: jakub at redhat dot com @ 2008-12-07 22:57 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jakub at redhat dot com 2008-12-07 22:56 -------
man 3p sprintf certainly documents it:
"If copying takes place between objects that overlap as a result of a call
to sprintf() or snprintf(), the results are undefined."
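
Given the overlap rule quoted above, text has to be appended without passing the destination buffer as a source argument. The following is an added example, not code from this thread or from glibc: `buf_appendf` and `demo_append` are hypothetical names and the strings are constructed. It formats into the unused tail of the buffer and rejects truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* buf_appendf() is a hypothetical helper, not a glibc function. It appends
 * formatted text to the string already in buf by writing only into the
 * unused tail, so buf never has to be passed as an input argument.
 * Returns 0 on success, -1 on error or truncation (buf left unchanged). */
static int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    /* Locate the terminator without reading past the buffer. */
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - buf);

    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';   /* roll back a failed or truncated append */
        return -1;
    }
    return 0;
}

/* Constructed demo: defined replacement for sprintf(buf, "%sfoo", buf). */
static int demo_append(char *out, size_t size)
{
    if (size == 0)
        return -1;
    snprintf(out, size, "%s", "not good");
    return buf_appendf(out, size, "%s", "foo");
}

int main(void)
{
    char buf[32];
    int rc = demo_append(buf, sizeof buf);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

The helper stays within defined behaviour only while the caller does not pass `buf` itself among the variadic arguments.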
From: pasky at suse dot cz @ 2008-12-07 23:39 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From pasky at suse dot cz 2008-12-07 23:38 -------
I have submitted a patch for linux-manpages:
http://thread.gmane.org/gmane.linux.man/639
From: mtk dot manpages at gmail dot com @ 2008-12-19 16:58 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From mtk dot manpages at gmail dot com 2008-12-19 16:57 -------
(In reply to comment #6)
> I have submitted a patch for linux-manpages:
> http://thread.gmane.org/gmane.linux.man/639
I've applied the following patch for man-pages-3.16.
--- a/man3/printf.3
+++ b/man3/printf.3
@@ -133,6 +133,17 @@ string that specifies how subsequent arguments (or
arguments accessed via
the variable-length argument facilities of
.BR stdarg (3))
are converted for output.
+
+C99 and POSIX.1-2001 specify that the results are undefined if a call to
+.BR sprintf (),
+.BR snprintf (),
+.BR vsprintf (),
+or
+.BR vsnprintf ()
+would cause to copying to take place between objects that overlap
+(e.g., if the target string array and one of the supplied input arguments
+refer to the same buffer).
+See NOTES.
.SS "Return value"
Upon successful return, these functions return the number of characters
printed (not including the
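Review bot: The added sentence contains a stray "to" in "would cause to copying to take place"; it should read "would cause copying to take place between objects that overlap". The addition also opens with an empty source line (the bare "+"), where a .PP request would start the new paragraph explicitly.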
@@ -851,6 +862,26 @@ and conversion characters \fBa\fP and \fBA\fP.
glibc 2.2 adds the conversion character \fBF\fP with C99 semantics,
and the flag character \fBI\fP.
.SH NOTES
+Some programs imprudently rely on code such as the following
+
+ sprintf(buf, "%s some further text", buf);
+
+to append text to
+.IR buf .
+However, the standards explicitly note that the results are undefined
+if source and destination buffers overlap when calling
+.BR sprintf (),
+.BR snprintf (),
+.BR vsprintf (),
+and
+.BR vsnprintf ().
+.\" http://sourceware.org/bugzilla/show_bug.cgi?id=7075
+Depending on the version of
+.BR gcc (1)
+used, and the compiler options employed, calls such as the above will
+.B not
+produce the expected results.
+
The glibc implementation of the functions
.BR snprintf ()
and
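Review bot: The closing sentence of the NOTES addition says such calls "will not produce the expected results" immediately after "Depending on the version of gcc(1) used, and the compiler options employed"; "may not" would be consistent with that qualifier and with the "results are undefined" wording in the first hunk. The paragraph also shows only the idiom to avoid, so a sentence naming a defined way to append (for example, formatting into the unused tail of buf) would tell readers what to write instead. The function list here ends with "and" where the first hunk uses "or"; pick one.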
From: kees at outflux dot net @ 2008-12-24 17:41 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2008-12-24 17:40 -------
Created an attachment (id=3625)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=3625&action=view)
work-around pre-trunc behavior
This patch restores the prior sprintf behavior. Looking through
_IO_str_init_static_internal seems to indicate that nothing actually requires
"s" to lead with a NULL. Is there anything wrong with this work-around, which
could be used until the number of affected upstream sources is not quite so
large?
From: lidaobing at gmail dot com @ 2009-02-05 8:55 UTC (permalink / raw)
To: glibc-bugs
--
What       |Removed   |Added
----------------------------------------------------------------------------
CC         |          |lidaobing at gmail dot com