From: Jeff Johnston
Date: Tue, 3 Oct 2023 13:31:30 -0400
Subject: Re: fprintf() crashes on wide-oriented stream.
To: Takashi Yano
Cc: newlib@sourceware.org

I'll look at it.

-- Jeff J.

On Tue, Oct 3, 2023 at 4:30 AM Takashi Yano wrote:

> Ping?
>
> Is this Corinna's domain?
>
> On Tue, 26 Sep 2023 17:30:13 +0900
> Takashi Yano wrote:
> > On Tue, 26 Sep 2023 12:41:47 +0900
> > Takashi Yano wrote:
> > > Hi,
> > >
> > > I noticed that the following test case crashes at printf() with current
> > > newlib.
> > >
> > >
> > > #include <stdio.h>
> > > #include <wchar.h>
> > > #include <locale.h>
> > >
> > > int main()
> > > {
> > >     setlocale(LC_ALL, "C.UTF-8");
> > >     wprintf(L"%ls\n", L"aaaa"); /* or fwide(stdout, 1); */
> > >     printf("%ls\n", L"bbbb"); /* <--- crash here */
> > >     return 0;
> > > }
> > >
> > >
> > > I looked into this problem and found the cause.
> > >
> > > A narrow char string which can be odd bytes in length is cast into
> > > a wide char string which should be even bytes in length in __sprint_r/
> > > __sfputs_r based on the __SWID flag. As a result, if the length is
> > > odd bytes, the reading buffer runs over the buffer length, which causes
> > > a crash. If the length is even bytes, crash does not happen, but garbage
> > > is printed. This happens if printf("%ls\r\n", L"bbbb"); is used instead.
> > >                                        ^^
> > >
> > > The same issue seemed to be reported ten years ago.
> > > https://sourceware.org/pipermail/newlib/2013/010831.html
> > >
> > > I have built a patch attached for this issue.
> > >
> > > With this patch, __sfputs_r/__sprint_r is split into two versions, one
> > > is for vfprintf which does not handle wide string, and the other (newly
> > > introduced __sfputws_r/__swprin_r) is for vfwprintf which handles wide
> > > string. Please note that fprintf gets working for wide orient stream
> > > just like BSD libc, which behaves differently from GNU libc.
> > >
> > > This patch also fixes nano-vfprintf.c as well as vfprintf.c/vfwprintf.c
> > > in the same manner.
> >
> > v2: Remove __sprint_r from nano-vfprintf.c which does not seem to be used
> > anymore.
> >
> > --
> > Takashi Yano
>
>
> --
> Takashi Yano
>
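
The buffer-type confusion described in the quoted report, modelled as an added example that is not part of this thread and is neither newlib's code nor the attached patch. It assumes a 2-byte wide character (the report's "even bytes"); `wc16`, `struct sink`, `flagged_put` and `narrow_put` are hypothetical names, and only the narrow side of the split is shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t wc16;   /* assumption: 2-byte wide char, as "even bytes" implies */
struct sink { wc16 out[32]; size_t n; int wide; };   /* hypothetical stream model */

static void emit(struct sink *s, wc16 u)
{
    if (s->n < sizeof s->out / sizeof s->out[0])
        s->out[s->n++] = u;
}

/* Split shape: the buffer type is fixed by the caller, never by the stream flag. */
static size_t narrow_put(struct sink *s, const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        emit(s, (unsigned char)buf[i]);   /* one output unit per narrow char */
    return 0;
}

/* Shared shape keyed on the orientation flag. Returns the bytes it could not
   account for; nonzero means a caller looping until its residual count hits
   zero would keep reading past the data. */
static size_t flagged_put(struct sink *s, const char *buf, size_t len)
{
    if (!s->wide)
        return narrow_put(s, buf, len);
    size_t units = len / sizeof(wc16);
    for (size_t i = 0; i < units; i++) {
        wc16 u;
        memcpy(&u, buf + i * sizeof u, sizeof u);   /* two narrow chars fused into one unit */
        emit(s, u);
    }
    return len - units * sizeof(wc16);
}

int main(void)
{
    /* Constructed inputs: the narrow output a "%ls\n" conversion of L"bbbb" yields. */
    struct sink a = { .wide = 1 }, b = { .wide = 1 };
    size_t left = flagged_put(&a, "bbbb\n", 5);
    narrow_put(&b, "bbbb\n", 5);
    printf("flagged: %zu byte left over, first unit 0x%04x; split: first unit 0x%04x\n",
           left, (unsigned)a.out[0], (unsigned)b.out[0]);
    return 0;
}
```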