| Anonymous | Login | Signup for a new account | 11-10-2008 12:31 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004214 | [BusyBox] Other | minor | always | 07-17-08 16:37 | 08-19-08 17:56 | ||||
| Reporter | cristic | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | svn | ||||||
| Summary | 0004214: printf reads uninitialized memory | ||||||||
| Description |
Hello, here is a test case that leads printf to read uninitialized memory: ./printf "%Ld\n" 10 39860182724902922 (output varies, since it reads garbage) The problem is that this execution eventually invokes libc's printf with the same format specifier, and with the second argument my_xstrtol("10"). This returns a long (4 bytes on my machine), which is printed as a long long (8 bytes on my machine). Unfortunately, I don't see an easy fix here, because most conversion routines in Busybox seem to return longs. --Cristian |
||||||||
| Additional Information | |||||||||
| Attached Files |
 6.patch [^] (1,562 bytes) 07-18-08 11:40 |
||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0009754) vda 07-18-08 11:42 |
Indded. Please test 6.patch. |
|
(0009764) cristic 07-18-08 16:49 |
This patch does prevent reading garbage when length modifiers are used, but the fix also prevents printing valid large numbers: $ busybox/printf "%Ld\n" 123123123123 printf: 123123123123: invalid number 0 $ coreutils/printf "%Ld\n" 123123123123 123123123123 |
|
(0009794) vda 07-19-08 01:24 |
They were not printed before too, so patch does not break anything. As before, we handle long-sized integers maximum. The patch IIRC even explains where this can be fixed if needed. |
|
(0009804) cristic 07-19-08 15:21 |
I agree it doesn't break anything. If long long support is not a concern for now, we can close this report. Thanks. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 07-17-08 16:37 | cristic | New Issue | |
| 07-17-08 16:37 | cristic | Status | new => assigned |
| 07-17-08 16:37 | cristic | Assigned To | => BusyBox |
| 07-17-08 16:37 | cristic | Issue Monitored: cristic | |
| 07-18-08 11:40 | vda | File Added: 6.patch | |
| 07-18-08 11:42 | vda | Note Added: 0009754 | |
| 07-18-08 16:49 | cristic | Note Added: 0009764 | |
| 07-19-08 01:24 | vda | Note Added: 0009794 | |
| 07-19-08 15:21 | cristic | Note Added: 0009804 | |
| 08-19-08 17:56 | vda | Status | assigned => closed |
| 08-19-08 17:56 | vda | Resolution | open => fixed |
| 08-19-08 17:56 | vda | Fixed in Version | => svn |
| Copyright © 2000 - 2006 Mantis Group |  |
