From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31023 invoked by alias); 18 Feb 2015 14:27:00 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 30756 invoked by uid 48); 18 Feb 2015 14:26:56 -0000 From: "fweimer at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug stdio/17829] Incorrect handling of precision specifier in printf family Date: Wed, 18 Feb 2015 14:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: stdio X-Bugzilla-Version: 2.19 X-Bugzilla-Keywords: X-Bugzilla-Severity: critical X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-02/txt/msg00224.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=3D17829 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |codonell at redhat dot com --- Comment #1 from Florian Weimer --- Carlos, do you remember what the =E2=80=9C32=E2=80=9D in stdio-common/vfpri= ntf.c guards against? (You helped to fix some overflow-related issues in this area.) 1574 if (prec > width 1575 && prec > sizeof (work_buffer) / sizeof (work_buffer[0]) - 32) 1576 { 1577 if (__glibc_unlikely (prec >=3D INT_MAX / sizeof (CHAR_T)= - 32)) 1578 { 1579 __set_errno (EOVERFLOW); 1580 done =3D -1; 1581 goto all_done; 1582 } 1583 size_t needed =3D ((size_t) prec + 32) * sizeof (CHAR_T); I'm a bit at a loss here. Certainly, this use is not recommended because printf will allocate tons of memory as part of the format processing. --=20 You are receiving this mail because: You are on the CC list for the bug. >>From glibc-bugs-return-27490-listarch-glibc-bugs=sources.redhat.com@sourceware.org Wed Feb 18 14:27:30 2015 Return-Path: Delivered-To: listarch-glibc-bugs@sources.redhat.com Received: (qmail 527 invoked by alias); 18 Feb 2015 14:27:30 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Delivered-To: mailing list glibc-bugs@sourceware.org Received: (qmail 31876 invoked by uid 48); 18 Feb 2015 14:27:26 -0000 From: "fweimer at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug libc/17825] Incorrect return value for string functions invoked with size_t parameter having the most significant bit set on Sparc V9 Date: Wed, 18 Feb 2015 14:27:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security? X-Bugzilla-Changed-Fields: flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-02/txt/msg00225.txt.bz2 Content-length: 378 https://sourceware.org/bugzilla/show_bug.cgi?id=17825 Florian Weimer changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |security? -- You are receiving this mail because: You are on the CC list for the bug.