Re: vsnprintf broken

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Johannes Hofmann <Johannes.Hofmann@...>

To: <users@...>

Date: Wednesday, May 14, 2008 - 11:47 am

I think I found the problem. At least the following patch taken
from FreeBSD fixes the issue for me:

Index: lib/libc/stdio/vsnprintf.c
===================================================================
RCS file: /home/dcvs/src/lib/libc/stdio/vsnprintf.c,v
retrieving revision 1.8
diff -r1.8 vsnprintf.c
53c53
<       char dummy;
---
quoted text>       char dummy[2];
63c63,65
<                 str = &dummy;
---
quoted text>               if (on > 0)
>                       *str = '__PLACEHOLDER__1_';
>                 str = dummy;


The FreeBSD commit message is:

revision 1.22
date: 2003-07-02 00:08:44 -0700;  author: jkh;  state: Exp;  lines: +5 -3;
When size is 1 should just null terminate the string.  The dummy variable
is made an array of two, to explicitly avoid stack corruption due to
null-terminating (which is doesn't actually happen due to stack alignment
padding).

Submitted by: Ed Moy <emoy@apple.com>
Obtained from: Apple Computer, Inc.


Does anyone understand, why more than one byte may be written if n = 1?

Cheers,
Johannes


Simon 'corecode' Schubert <corecode@fs.ei.tum.de> wrote:
quoted text> [-- text/plain, encoding quoted-printable, charset: UTF-8, 29 lines --]
> 
> Simon 'corecode' Schubert wrote:
>> Johannes Hofmann wrote:
>>> Hello,
>>>
>>> I see crashes with a string handling library on DragonFly.
>>> The problem can be reduced to the test program below. It crashes on
>>> DragonFly when compiled with "gcc -O2 -o foo foo.c". Without -O2 it 
>>> runs fine. No problems on Linux with or without -O2.
>>> Can anyone spot the problem? I think its related to the use of
>>> va_copy().
>> 
>> No, the problem is that gcc uses %ebx after a function call, which it is
>> not allowed to do:
> [snip]
>> Or does the ABI dictate that %ebx needs to be restored?  Seems that
>> linux/glibc doesn't clobber ebx.
> 
> okay, I am wrong here.  %ebx is supposed to be saved and is also being
> saved by vsnprinf.  gcc is good.
> 
> So this is actually a case of stack smashing.  Have fun finding the bug
> in vsnprintf or in your code :)
> 
>> cheers
>>   simon
> 
> 
> 
> [-- application/pgp-signature, encoding 7bit, 9 lines, name: signature.asc --]
> [-- Description: OpenPGP digital signature --]
>

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: vsnprintf broken, Johannes Hofmann, (Wed May 14, 11:47 am)


linux-kernel:
Sean	Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching
Herbert Xu	Re: 2.6.23-rc4-mm1
Miklos Szeredi	Re: [BUG] long freezes on thinkpad t60
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
git:
Matthieu Moy	Re: [RFC] Convert builin-mailinfo.c to use The Better String Library.
Guido Ostkamp	[PATCH] Fix Solaris Workshop Compiler issues
Shawn Pearce	Re: [RFC] Submodules in GIT
Imran M Yousuf	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
openbsd-misc:
Marcos Laufer	dmesg IBM x3650 OpenBSD 4.3
Marco Peereboom	Re: Real men don't attack straw men
patrick keshishian	SMTP flood + spamdb
Andrés Delfino	Re: bcw(4) is gone
linux-netdev:
Tilman Schmidt	Re: 2.6.25-rc8: FTP transfer errors
Denys Fedoryshchenko	SFQ depth limit
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking


high memory	16 hours ago	Linux kernel
semaphore access speed	19 hours ago	Applications and Utilities
the kernel how to power off the machine	20 hours ago	Linux kernel
Easter Eggs in windows XP	23 hours ago	Windows
Shared swap partition	1 day ago	Linux general
Root password	1 day ago	Linux general
Where/when DNOTIFY is used?	1 day ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	1 day ago	Linux kernel
Linux 2.6.24 and I/O schedulers	1 day ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	1 day ago	Linux general

Re: vsnprintf broken

Online users