Make your own free website on Tripod.com
glibc-2.1.2's printf segfaults on unreasonable format string



To: bug-glibc at gnu dot org
Subject: glibc-2.1.2's printf segfaults on unreasonable format string
From: Jim Meyering <meyering at ascend dot com>
Date: 19 Dec 1999 09:02:15 +0100
Cc: Ryan Daniels <ryand at iwaynet dot net>
Cc: sh-utils-bugs at gnu dot org


Hi,

A recent report against sh-utils' printf (included below) led me to the
conclusion that there is a bug in GNU libc's implementation of printf.
BTW, this works fine when using Solaris5.6 libraries.

  $ cat > k.c
  int
  main ()
  {
    printf ("%.50000000f\n", 1.0);
    exit (0);
  }

Note that if I use %.5000000f, there is no failure and
5000003 bytes in the output.

  $ gcc -O -Wall k.c;./a.out 9 > k
  k.c: In function `main':
  k.c:4: warning: implicit declaration of function `printf'
  Segmentation fault
  $ ldd a.out
          libc.so.6 => /lib/libc.so.6 (0x40018000)
          /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
  $ lst /lib/libc
  libc-2.1.2.so*     libc.so.4.7.6*     libcom_err.so.2@   libcrypt-2.1.2.so
  libc.so.4@         libc.so.6@         libcom_err.so.2.0  libcrypt.so.1@
 


From: Ryan Daniels <ryand@iwaynet.net>
Reply-To: ryand@iwaynet.net
To: sh-utils-bugs@gnu.org
Subject: printf bug
Date: Sat, 18 Dec 1999 17:55:28 +0000
 

  The following line caused printf to segfault and do a core dump on my system:

  printf "%.500000000000f" 9.0000000000000000001

  My system info:

  printf (GNU sh-utils) 1.16
  i586
  Kernel 2.2.12
  Redhat 5.2
  libc-5.3.12-27
  glibc-2.0.7-29



Re: glibc-2.1.2's printf segfaults on unreasonable format string

To: Jim Meyering <meyering at ascend dot com>
Subject: Re: glibc-2.1.2's printf segfaults on unreasonable format string
From: Ulrich Drepper <drepper at cygnus dot com>
Date: 19 Dec 1999 00:25:24 -0800
Cc: bug-glibc at gnu dot org, Ryan Daniels <ryand at iwaynet dot net>, sh-utils-bugs at gnu dot org
References: <urypuw3cq9k.fsf@ixi.eng.ascend.com>
Reply-To: drepper at cygnus dot com (Ulrich Drepper)

Jim Meyering <meyering@ascend.com> writes:

>A recent report against sh-utils' printf (included below) led me to the
> conclusion that there is a bug in GNU libc's implementation of printf.
> BTW, this works fine when using Solaris5.6 libraries.

 It's not atually a bug since such a format is well beyond the limits an implementation has to support.  I've fixed it nevertheless for 2.1.3 and you'll get now enormously long output in this case (given enough virtual memory that is).

--
---------------.      drepper at gnu.org  ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com   `------------------------