bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: vasnprintf's "%n in writable segment" chokes with _FORTIFY_SOURCE ==


From: Bruno Haible
Subject: Re: vasnprintf's "%n in writable segment" chokes with _FORTIFY_SOURCE == 2
Date: Thu, 18 Oct 2007 13:13:21 +0200
User-agent: KMail/1.5.4

Jim Meyering wrote:
>     $ ./seq 1
>     *** %n in writable segment detected ***

The use of format strings in writable memory is valid. A use case is, for
example, in
    printf (gettext ("foo %d bar %x %n"), ...);

When the translator's and the user's charset encoding are not the same,
or when mmap() is not available, the format string returned by the gettext
function will be in writable memory.

The distinction between read-only and writable memory is something I had not
thought of in m4/printf.m4. Making the test more accurate like this.


2007-10-18  Bruno Haible  <address@hidden>

        * m4/printf.m4 (gl_PRINTF_DIRECTIVE_N, gl_SNPRINTF_DIRECTIVE_N): Put
        the format string into writable memory. Needed in Fortify conditions.

*** m4/printf.m4.orig   2007-10-18 13:10:26.000000000 +0200
--- m4/printf.m4        2007-10-18 13:05:44.000000000 +0200
***************
*** 1,4 ****
! # printf.m4 serial 16
  dnl Copyright (C) 2003, 2007 Free Software Foundation, Inc.
  dnl This file is free software; the Free Software Foundation
  dnl gives unlimited permission to copy and/or distribute it,
--- 1,4 ----
! # printf.m4 serial 17
  dnl Copyright (C) 2003, 2007 Free Software Foundation, Inc.
  dnl This file is free software; the Free Software Foundation
  dnl gives unlimited permission to copy and/or distribute it,
***************
*** 585,595 ****
        AC_TRY_RUN([
  #include <stdio.h>
  #include <string.h>
  static char buf[100];
  int main ()
  {
    int count = -1;
!   if (sprintf (buf, "%d %n", 123, &count, 33, 44, 55) < 0
        || strcmp (buf, "123 ") != 0
        || count != 4)
      return 1;
--- 585,600 ----
        AC_TRY_RUN([
  #include <stdio.h>
  #include <string.h>
+ static char fmtstring[10];
  static char buf[100];
  int main ()
  {
    int count = -1;
!   /* Copy the format string.  Some systems (glibc with _FORTIFY_SOURCE=2)
!      support %n in format strings in read-only memory but not in writable
!      memory.  */
!   strcpy (fmtstring, "%d %n");
!   if (sprintf (buf, fmtstring, 123, &count, 33, 44, 55) < 0
        || strcmp (buf, "123 ") != 0
        || count != 4)
      return 1;
***************
*** 872,882 ****
        AC_TRY_RUN([
  #include <stdio.h>
  #include <string.h>
  static char buf[100];
  int main ()
  {
    int count = -1;
!   snprintf (buf, 4, "%d %n", 12345, &count, 33, 44, 55);
    if (count != 6)
      return 1;
    return 0;
--- 877,892 ----
        AC_TRY_RUN([
  #include <stdio.h>
  #include <string.h>
+ static char fmtstring[10];
  static char buf[100];
  int main ()
  {
    int count = -1;
!   /* Copy the format string.  Some systems (glibc with _FORTIFY_SOURCE=2)
!      support %n in format strings in read-only memory but not in writable
!      memory.  */
!   strcpy (fmtstring, "%d %n");
!   snprintf (buf, 4, fmtstring, 12345, &count, 33, 44, 55);
    if (count != 6)
      return 1;
    return 0;





reply via email to

[Prev in Thread] Current Thread [Next in Thread]