bug-gnulib

Re: %.1s format with vasnprintf reads more than one byte from argument


From: Eric Blake
Subject: Re: %.1s format with vasnprintf reads more than one byte from argument
Date: Thu, 26 Feb 2009 18:41:14 +0000 (UTC)
User-agent: Loom/3.14 (http://gmane.org/)

Bruno Haible <bruno <at> clisp.org> writes:

> 
> Thanks for these findings! It's not only "%.*ls" which has the bug, but also
> "%ls" without a precision. I'm applying this workaround:
> 
> 
> 2009-02-26  Bruno Haible  <bruno <at> clisp.org>
> 
>       Fix *printf behaviour regarding the %ls directive.

I'm now getting failures on Solaris 10, at the same line, and traced it to a 
call to the native:

/* second byte uninitialized, and happens to be invalid character */
wchar_t str[2] = { 'a', 0x65666768 };
snprintf(buffer, 12, "%.*ls", 1, str);

with a return of -1 with errno EILSEQ, instead of populating buffer 
with "a" and returning 1.  In short, Solaris parses too far into the wchar_t* 
array, detects failure in converting str[1], and fails with EILSEQ, even though 
str[0] was sufficient to provide the requested precision.  Random failures due 
to reading uninitialized memory are unacceptable, and while this was EILSEQ, it 
is also possible to trigger SIGSEGV.

This patch was sufficient to make the configure test detect the Solaris bug, 
while still letting Linux defer to the (working) native version; okay to apply, 
or do you want to touch it up further?

$ git pull git://repo.or.cz/gnulib/ericb.git vasnprintf


From: Eric Blake <address@hidden>
Date: Thu, 26 Feb 2009 11:31:59 -0700
Subject: [PATCH] Work around *printf bug with %.*ls in Solaris 10.

* m4/printf.m4 (gl_PRINTF_DIRECTIVE_LS): Add check that
conversion doesn't wrongly fail with EILSEQ.

Signed-off-by: Eric Blake <address@hidden>
---
 ChangeLog    |    6 ++++++
 m4/printf.m4 |    9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a34e3f8..33e8c1a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2009-02-26  Eric Blake  <address@hidden>

+       Work around *printf bug with %.*ls in Solaris 10.
+       * m4/printf.m4 (gl_PRINTF_DIRECTIVE_LS): Add check that
+       conversion doesn't wrongly fail with EILSEQ.
+
+2009-02-26  Eric Blake  <address@hidden>
+
        stdlib: favor compiler check of random.h
        * m4/stdlib_h.m4 (gl_STDLIB_H): Skip preprocessor check.  Needed
        to avoid an ObjC random.h installed by Swarm.
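Review bot: the new ChangeLog entry only says the check is that the conversion "doesn't wrongly fail with EILSEQ", but the m4/printf.m4 change also makes the test program return 2 unless plain "%ls" on an invalid wide character returns -1. That second requirement changes which platforms get gl_cv_func_printf_directive_ls=no, so it is worth a clause in the entry, for example "and that an invalid wide character without precision does fail".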
diff --git a/m4/printf.m4 b/m4/printf.m4
index f3e201b..3755b13 100644
--- a/m4/printf.m4
+++ b/m4/printf.m4
@@ -652,7 +652,14 @@ int main ()
   char buf[100];
   buf[0] = '\0';
   sprintf (buf, "%ls", wstring);
-  return strcmp (buf, "abc") != 0;
+  if (strcmp (buf, "abc") != 0)
+    return 1;
+  wstring[2] = 0xfdfdfdfd; /* Invalid character.  */
+  buf[0] = '\0';
+  if (sprintf (buf, "%ls", wstring) != -1)
+    return 2;
+  sprintf (buf, "%.2ls", wstring);
+  return strcmp (buf, "ab") != 0;
 }], [gl_cv_func_printf_directive_ls=yes], [gl_cv_func_printf_directive_ls=no],
       [
 changequote(,)dnl
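Review bot: the final check, sprintf (buf, "%.2ls", wstring) followed by strcmp (buf, "ab"), neither resets buf nor looks at the return value, unlike the two calls before it. The preceding "%ls" call is expected to fail at wstring[2], and nothing says what it leaves in buf; if it leaves "ab" there and the "%.2ls" call then fails with EILSEQ without writing, the strcmp still matches and the test reports a working libc. Suggest adding buf[0] = '\0'; before the call and requiring the return value to be 2 as well as the string to match. A smaller point on the line sprintf (buf, "%ls", wstring) != -1: the C standard only promises a negative value on a conversion error, so >= 0 is the safer comparison, although being too strict here only makes configure fall back to the replacement.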
-- 
1.6.1.2
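
Added example, not part of the original message and not gnulib's code: a minimal converter showing the behaviour the message expects from "%.*ls", where the byte budget is checked before each wide character is read, so str[1] is never examined when one byte already satisfies the precision. The names bounded_ls, demo_str and demo_buf are hypothetical, and the sample array is constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Constructed sample modelled on the message's array: a valid 'a', then a
   value the C locale cannot convert.  The explicit terminator is an addition. */
static const wchar_t demo_str[3] = { L'a', (wchar_t)0x65666768, L'\0' };
static char demo_buf[12];

/* Hypothetical helper: write at most `precision` bytes of `ws` into `out`
   (capacity `outsize`, NUL included).  Returns the byte count, or -1 with
   errno set to EILSEQ (by wcrtomb) or ERANGE (`out` too small). */
int bounded_ls(char *out, size_t outsize, const wchar_t *ws, size_t precision)
{
    mbstate_t state;
    size_t written = 0;

    if (outsize == 0) { errno = ERANGE; return -1; }
    memset(&state, 0, sizeof state);
    /* Check the byte budget BEFORE dereferencing ws: once it is used up, the
       next element may be uninitialized or lie past the end of the array. */
    while (written < precision && *ws != L'\0') {
        char mb[MB_LEN_MAX];
        size_t n = wcrtomb(mb, *ws, &state);

        if (n == (size_t)-1)
            return -1;          /* invalid wide character inside the budget */
        if (n > precision - written)
            break;              /* never emit a partial multibyte character */
        if (written + n >= outsize) { errno = ERANGE; return -1; }
        memcpy(out + written, mb, n);
        written += n;
        ws++;
    }
    out[written] = '\0';
    return (int)written;
}

int main(void)
{
    int n = bounded_ls(demo_buf, sizeof demo_buf, demo_str, 1);
    printf("%d \"%s\"\n", n, demo_buf);
    return 0;
}
```

With precision 2 the same input fails with EILSEQ, which is correct there because the invalid element lies inside the requested range.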
