delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2021/11/18/06:36:40

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 874C5385AC31
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1637235398;
bh=6hKj3jN8ZdnoL4NnmNNkblg3CcKN4bEDPZJtCMWjJxY=;
h=Date:To:Subject:In-Reply-To:References:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=lTSWSZtEDgG7X/csEsNv80BbLr135Wa3kQxWtzJKLyeRaV/FpCmlB1PEDwfH9qy7n
oBT/Xu/wmmRP7nyLUGQCrwiM3gDrNJglVwySW6rQDQ2izOnw2bi1MZ6/8MrwDVubxS
L1DP1XqHyScEh58bK7fPhvUZX8/VkwG3pcvzQTmI=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 33545385AC0A
DKIM-Filter: OpenDKIM Filter v2.10.3 conssluserg-01.nifty.com 1AIBZbWg015030
X-Nifty-SrcIP: [110.4.221.123]
Date: Thu, 18 Nov 2021 20:35:38 +0900
To: cygwin AT cygwin DOT com
Subject: Re: possible snprintf() regression in 3.3.2
Message-Id: <20211118203538.a049809d57731fe375801c15@nifty.ne.jp>
In-Reply-To: <20211118000649.GG10332@venus.tony.develop-help.com>
References: <20211117003718 DOT GF10332 AT venus DOT tony DOT develop-help DOT com>
<20211117182108 DOT b38599f5e13071bf269a0d48 AT nifty DOT ne DOT jp>
<YZT1S8wDnaBuYf5u AT calimero DOT vinschen DOT de>
<20211118000649 DOT GG10332 AT venus DOT tony DOT develop-help DOT com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
Mime-Version: 1.0
X-Spam-Status: No, score=-10.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_NUMSUBJECT,
NICE_REPLY_A, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Takashi Yano via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> 

On Thu, 18 Nov 2021 11:06:49 +1100
Tony Cook wrote:
> On Wed, Nov 17, 2021 at 01:27:55PM +0100, Corinna Vinschen via Cygwin wrote:
> > I don't have a good solution.  The old ldtoa code is lacking, for
> > switching newlib to gdtoa I simply don't have the time.  On the newlib
> > list was a short discussion starting at
> > https://sourceware.org/pipermail/newlib/2021/018626.html but nothing
> > came out of it yet.
> > 
> > Patches gratefully accepted (except just reverting the above change).
> 
> From what I can tell the problem has nothing to do with the extra
> precision, but has to do with misusing ndigits for the buffer size
> with a %f format string, leading to a buffer overflow.
> 
> At entry to _ldtoa_r() ndigits is 9, but for a %f format with a large
> number the number of digits is more closely related to the magnitude
> of the number, not ndigits.
> 
> With the input number (9e99) and the supplied format I'd expect 109
> characters output, but outbuf is only:
> 
>    ndigits + MAX_EXP_DIGITS + 10 = 9 + 5 + 10 = 24
> 
> characters in length.

Then, isn't the following the right thing?

diff --git a/newlib/libc/stdlib/ldtoa.c b/newlib/libc/stdlib/ldtoa.c
index 7da61457b..826a1b2ed 100644
--- a/newlib/libc/stdlib/ldtoa.c
+++ b/newlib/libc/stdlib/ldtoa.c
@@ -2794,6 +2794,7 @@ _ldtoa_r (struct _reent *ptr, long double d, int mode, int ndigits,
   LDPARMS rnd;
   LDPARMS *ldp = &rnd;
   char *outstr;
+  char outbuf[NDEC + MAX_EXP_DIGITS + 10];
   union uconv du;
   du.d = d;
 
@@ -2840,8 +2841,6 @@ _ldtoa_r (struct _reent *ptr, long double d, int mode, int ndigits,
   if (ndigits > NDEC)
     ndigits = NDEC;
 
-  char outbuf[ndigits + MAX_EXP_DIGITS + 10];
-
   etoasc (e, outbuf, ndigits, mode, ldp);
   s = outbuf;
   if (eisinf (e) || eisnan (e))


-- 
Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019