Sophie: glibc-2.5-49.el5

glibc-2.5-49.el5_5.5.src.rpm

2007-05-04  Ulrich Drepper  <drepper@redhat.com>

	* stdio-common/vfprintf.c (process_string_arg): Adjust call to
	__mbsnrtowcs after last change.

2007-05-02  Jakub Jelinek  <jakub@redhat.com>

	* stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
	fixed length array for ignore.

2007-04-30  Ulrich Drepper  <drepper@redhat.com>

	[BZ #4438]
	* stdio-common/vfprintf.c (process_string_arg): Don't overflow the
	stack for large precisions.
	* stdio-common/test-vfprintf.c (main): Add test for large
	precision.

--- libc/stdio-common/vfprintf.c	17 Mar 2007 17:08:56 -0000	1.135
+++ libc/stdio-common/vfprintf.c	5 May 2007 04:41:35 -0000	1.138
@@ -1160,19 +1160,26 @@ vfprintf (FILE *s, const CHAR_T *format,
 		else							      \
 		  {							      \
 		    /* In case we have a multibyte character set the	      \
-		       situation is more compilcated.  We must not copy	      \
+		       situation is more complicated.  We must not copy	      \
 		       bytes at the end which form an incomplete character. */\
-		    wchar_t ignore[prec];				      \
+		    size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\
+		    wchar_t ignore[ignore_size];			      \
 		    const char *str2 = string;				      \
-		    mbstate_t ps;					      \
+		    const char *strend = string + prec;			      \
+		    if (strend < string)				      \
+		      strend = (const char *) UINTPTR_MAX;		      \
 									      \
+		    mbstate_t ps;					      \
 		    memset (&ps, '\0', sizeof (ps));			      \
-		    if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps)	      \
-			== (size_t) -1)					      \
-		      {							      \
-			done = -1;					      \
-			goto all_done;					      \
-		      }							      \
+									      \
+		    while (str2 != NULL && str2 < strend)		      \
+		      if (__mbsnrtowcs (ignore, &str2, strend - str2,	      \
+					ignore_size, &ps) == (size_t) -1)     \
+			{						      \
+			  done = -1;					      \
+			  goto all_done;				      \
+			}						      \
+									      \
 		    if (str2 == NULL)					      \
 		      len = strlen (string);				      \
 		    else						      \
--- libc/stdio-common/test-vfprintf.c	19 Aug 2003 20:23:55 -0000	1.4
+++ libc/stdio-common/test-vfprintf.c	1 May 2007 18:35:32 -0000	1.5
@@ -94,6 +94,7 @@ main (void)
       fprintf (fp, "%.*s", 30000, large);
       large[20000] = '\0';
       fprintf (fp, large);
+      fprintf (fp, "%-1.300000000s", "hello");
 
       if (fflush (fp) != 0 || ferror (fp) != 0 || fclose (fp) != 0)
 	{
@@ -108,11 +109,12 @@ main (void)
 		  setlocale (LC_ALL, NULL));
 	  exit (1);
 	}
-      else if (st.st_size != 99999)
+      else if (st.st_size != 50000 + 30000 + 19999 + 5)
 	{
 	  printf ("file size incorrect for locale %s: %jd instead of %jd\n",
 		  setlocale (LC_ALL, NULL),
-		  (intmax_t) st.st_size, (intmax_t) 99999);
+		  (intmax_t) st.st_size,
+		  (intmax_t) 50000 + 30000 + 19999 + 5);
 	  res = 1;
 	}
       else