public inbox for glibc-bugs@sourceware.org
* [Bug libc/6530] New: *printf() and incomplete multibyte sequences may cause infinite loops
@ 2008-05-18 10:23 madcoder at debian dot org
  2008-05-18 10:24 ` [Bug libc/6530] " madcoder at debian dot org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: madcoder at debian dot org @ 2008-05-18 10:23 UTC (permalink / raw)
  To: glibc-bugs


With the following testcase, it happens while it shouldn't, according to
the manual:
-----8<-------
#include <stdio.h>
#include <locale.h>

#define STR "²éľÂíɱ²¡¶¾£¬ÖܺèµtÄúµÄ360²»×¨Òµ£¡"

int main(void) {
        char buf[200];
        setlocale(LC_ALL, "");
        printf("%d\n", snprintf(buf, 150, "%.50s", STR));
        return 0;
}
----->8-------

The manual page has this to say:
 About precision:
  An optional precision, in the form of a period ('.') followed by an
  optional decimal digit string.(...) This gives (...) the maximum
  number of characters to be printed from a string for s and S
  conversions.

 About s:
  If no l modifier is present: The const char * argument is expected to
  be a pointer to an array of character type(...)

  If an l modifier is present: The const wchar_t * argument is expected
  to be a pointer to an array of wide characters.  Wide characters from
  the  array  are converted  to  multibyte  characters (...)

There is no "l" modifier, but still, the string goes through the
multibyte conversion code, and fails because the string is invalid
multibyte.

Note, it only works with a non-UTF-8 locale set in LC_CTYPE or LC_ALL.

This is Debian bug http://bugs.debian.org/208308

-- 
           Summary: *printf() and incomplete multibyte sequences may cause
                    infinite loops
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: madcoder at debian dot org
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=6530
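
A caller-side guard for the failure reported above, as an added example that is not part of the original report or of glibc: it treats a negative snprintf() return as an error rather than a length, and falls back to a bounded byte copy. The helper name copy_prefix and the sample bytes are constructed for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: bytes that are not valid UTF-8 (not the report's string). */
static const char SAMPLE[] = "\xb2\xe9\xc9\xb1\xb2\xa1\xb6\xbe 360";

/* Hypothetical helper, not a glibc API. Copies at most `prec` bytes of `src`
 * into `dst` (capacity `cap`), always NUL-terminating when cap > 0.
 * Returns the untruncated length like snprintf(), but never a negative value. */
static size_t copy_prefix(char *dst, size_t cap, const char *src, int prec)
{
    if (prec < 0)
        prec = 0;

    int n = snprintf(dst, cap, "%.*s", prec, src);
    if (n >= 0)
        return (size_t)n;            /* conversion succeeded */

    /* snprintf() reported an error (-1 in the report above). The value must
     * not be added to an offset or used as a length, and retrying with a
     * larger buffer cannot help: a retry loop keyed on n < 0 never ends.
     * Fall back to a bounded byte copy, which does no multibyte conversion. */
    size_t want = 0;
    while (want < (size_t)prec && src[want] != '\0')
        want++;
    if (cap > 0) {
        size_t take = want < cap - 1 ? want : cap - 1;
        memcpy(dst, src, take);
        dst[take] = '\0';
    }
    return want;
}

int main(void)
{
    char buf[200];

    setlocale(LC_ALL, "");           /* same locale setup as the test case */
    size_t n = copy_prefix(buf, 150, SAMPLE, 50);
    printf("%zu bytes needed, %zu stored\n", n, strlen(buf));
    return 0;
}
```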


Thread overview: 5+ messages
2008-05-18 10:23 [Bug libc/6530] New: *printf() and incomplete multibyte sequences may cause infinite loops madcoder at debian dot org
2008-05-18 10:24 ` [Bug libc/6530] " madcoder at debian dot org
2008-05-18 10:39 ` [Bug libc/6530] *printf() and incomplete multibyte sequences returns -1 bogusly madcoder at debian dot org
2008-05-18 10:39 ` [Bug libc/6530] *printf() and incomplete multibyte sequences may cause infinite loops madcoder at debian dot org
2010-08-30 13:57 ` [Bug libc/6530] *printf() and incomplete multibyte sequences returns -1 bogusly avarab at gmail dot com
