James, thanks a lot for reporting that one. I've filed this bug: 6732957 small bug in dt_printf.c
Is anyone interested in submitting the fix? Is anyone from Sun interested in sponsoring a contribution?

Thanks.

Adam

On Mon, Jul 28, 2008 at 10:48:44PM -0700, James McIlree wrote:
>
> Here is an interesting one :-). Unfortunately I can't pass along a test case, but I think
> visual inspection of the code will be enough to see that f can be beyond format[0] when
> the snprintf() is called.
>
> James M
>
>
> +++ ./libdtrace/dt_printf.c 2008-07-28 16:54:04.000000000 -0700 > @@ -1476,10 +1476,10 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE > width = 0; > > if (width != 0) > - f += snprintf(f, sizeof (format), "%d", ABS(width)); > + f += snprintf(f, sizeof (format) - (f - format), "%d", > ABS(width)); > > if (prec > 0) > - f += snprintf(f, sizeof (format), ".%d", prec); > + f += snprintf(f, sizeof (format) - (f - format), ".%d", > prec);
>
>
> _______________________________________________
> dtrace-discuss mailing list
> [email protected]

--
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
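
Review bot: in both changed calls, `f += snprintf(f, sizeof (format) - (f - format), ...)` still adds snprintf()'s return value to f without checking it. snprintf() returns the length the output would have had, not the number of bytes stored, so if the width conversion is truncated f moves past the end of format, and in the following `.%d` call `sizeof (format) - (f - format)` wraps to a very large size_t, which removes the bound this change is meant to restore. Suggest keeping the remaining space in a variable, comparing each return value against it (and checking for a negative return), and stopping or returning an error once the space is used up rather than advancing f unconditionally.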
