[Bug libc/29530] New: segfault in printf handling thousands separator

[Bug libc/29530] New: segfault in printf handling thousands separator

[godlygeek at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

            Bug ID: 29530
           Summary: segfault in printf handling thousands separator
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: godlygeek at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

printf segfaults when running:
```
#include <stdio.h>
#include <locale.h>

int main() {
    setlocale(LC_ALL, "en_US.UTF-8");
    printf("%'1000d\n", 1000);
}
```

Godbolt reproducer: https://godbolt.org/z/oaoqMv1v7

That's glibc 2.31, which is the newest I've been able to test with. This may be
the same issue as db6c4935, since it is crashing in memmove under
__vfprintf_internal - but if so, the impact analysis of that bug ("I believe
this code ... is unreachable in prior glibc releases") seems to have been
incorrect.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> ---
It is true as long as you have commit 6caddd34bd, but commit edc1686af0 didn't
take that into account.  Thus this bug only exists between 2.26 and 2.32.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|unspecified                 |2.26

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[adhemerval.zanella at linaro dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adhemerval.zanella at linaro dot o
                   |                            |rg

--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
(In reply to Andreas Schwab from comment #1)
> It is true as long as you have commit 6caddd34bd, but commit edc1686af0
> didn't take that into account.  Thus this bug only exists between 2.26 and
> 2.32.

It edc1686af0 the commit that might eventually require backport? In any case I
think we should close this bug since it does not happen on master.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #3 from Andreas Schwab <schwab@linux-m68k.org> ---
edc1686af0 is the one that broke the test case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Andreas Schwab <schwab@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ca6466e8be32369a658035d69542d47603e58a99

commit ca6466e8be32369a658035d69542d47603e58a99
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Aug 29 15:05:40 2022 +0200

    Add test for bug 29530

    This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
    Reuse work_buffer in group_number") and fixed as a side effect of commit
    6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
    (bug 14231, bug 26211).").

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.30/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d0aac8b4833c725d0682108066a210bbb7cf3bf4

commit d0aac8b4833c725d0682108066a210bbb7cf3bf4
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Aug 29 15:05:40 2022 +0200

    Add test for bug 29530

    This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
    Reuse work_buffer in group_number") and fixed as a side effect of commit
    6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
    (bug 14231, bug 26211).").

    (cherry picked from commit ca6466e8be32369a658035d69542d47603e58a99)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.31/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c8f2a3e8038232f7707d11b4629f5d5cf32244fc

commit c8f2a3e8038232f7707d11b4629f5d5cf32244fc
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Aug 29 15:05:40 2022 +0200

    Add test for bug 29530

    This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
    Reuse work_buffer in group_number") and fixed as a side effect of commit
    6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
    (bug 14231, bug 26211).").

    (cherry picked from commit ca6466e8be32369a658035d69542d47603e58a99)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.29/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6da40102c73018dd88bb959e460fa1425270d395

commit 6da40102c73018dd88bb959e460fa1425270d395
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Aug 29 15:05:40 2022 +0200

    Add test for bug 29530

    This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
    Reuse work_buffer in group_number") and fixed as a side effect of commit
    6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
    (bug 14231, bug 26211).").

    (cherry picked from commit ca6466e8be32369a658035d69542d47603e58a99)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

--- Comment #8 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.28/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8b915921fbf4d32bf68fc3d637413cf96236b3fd

commit 8b915921fbf4d32bf68fc3d637413cf96236b3fd
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Aug 29 15:05:40 2022 +0200

    Add test for bug 29530

    This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
    Reuse work_buffer in group_number") and fixed as a side effect of commit
    6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
    (bug 14231, bug 26211).").

    (cherry picked from commit ca6466e8be32369a658035d69542d47603e58a99)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/29530] segfault in printf handling thousands separator

[ppluzhnikov at google dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=29530

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |ppluzhnikov at google dot com
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.32

--- Comment #9 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
Fixed by https://sourceware.org/git/?p=glibc.git;a=commit;h=6caddd34bd

-- 
You are receiving this mail because:
You are on the CC list for the bug.