2007-05-04 Ulrich Drepper <drepper@redhat.com> * stdio-common/vfprintf.c (process_string_arg): Adjust call to __mbsnrtowcs after last change. 2007-05-02 Jakub Jelinek <jakub@redhat.com> * stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than fixed length array for ignore. 2007-04-30 Ulrich Drepper <drepper@redhat.com> [BZ #4438] * stdio-common/vfprintf.c (process_string_arg): Don't overflow the stack for large precisions. * stdio-common/test-vfprintf.c (main): Add test for large precision. --- libc/stdio-common/vfprintf.c 17 Mar 2007 17:08:56 -0000 1.135 +++ libc/stdio-common/vfprintf.c 5 May 2007 04:41:35 -0000 1.138 @@ -1160,19 +1160,26 @@ vfprintf (FILE *s, const CHAR_T *format, else \ { \ /* In case we have a multibyte character set the \ - situation is more compilcated. We must not copy \ + situation is more complicated. We must not copy \ bytes at the end which form an incomplete character. */\ - wchar_t ignore[prec]; \ + size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\ + wchar_t ignore[ignore_size]; \ const char *str2 = string; \ - mbstate_t ps; \ + const char *strend = string + prec; \ + if (strend < string) \ + strend = (const char *) UINTPTR_MAX; \ \ + mbstate_t ps; \ memset (&ps, '\0', sizeof (ps)); \ - if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps) \ - == (size_t) -1) \ - { \ - done = -1; \ - goto all_done; \ - } \ + \ + while (str2 != NULL && str2 < strend) \ + if (__mbsnrtowcs (ignore, &str2, strend - str2, \ + ignore_size, &ps) == (size_t) -1) \ + { \ + done = -1; \ + goto all_done; \ + } \ + \ if (str2 == NULL) \ len = strlen (string); \ else \ --- libc/stdio-common/test-vfprintf.c 19 Aug 2003 20:23:55 -0000 1.4 +++ libc/stdio-common/test-vfprintf.c 1 May 2007 18:35:32 -0000 1.5 @@ -94,6 +94,7 @@ main (void) fprintf (fp, "%.*s", 30000, large); large[20000] = '\0'; fprintf (fp, large); + fprintf (fp, "%-1.300000000s", "hello"); if (fflush (fp) != 0 || ferror (fp) != 0 || fclose (fp) != 0) { @@ -108,11 +109,12 @@ main (void) setlocale (LC_ALL, NULL)); exit (1); } - else if (st.st_size != 99999) + else if (st.st_size != 50000 + 30000 + 19999 + 5) { printf ("file size incorrect for locale %s: %jd instead of %jd\n", setlocale (LC_ALL, NULL), - (intmax_t) st.st_size, (intmax_t) 99999); + (intmax_t) st.st_size, + (intmax_t) 50000 + 30000 + 19999 + 5); res = 1; } else