On 2020-01-10 17:04 Vincent Lefevre wrote:
BTW, I still notice in printf/vasprintf.c:

      ret = vsnprintf (d->buf + d->size, space, fmt, ap);
      if (ret == -1)
        {
          ASSERT (strlen (d->buf + d->size) == space-1);
          ret = space-1;
        }

I believe that also here GMP should assume that a return value -1 means an unrecoverable error, and should return.

That's why I propose also here a small patch, similar to the one applied to printf/snprntffuns.c:

diff -r f66635cf2968 printf/vasprintf.c
--- a/printf/vasprintf.c        Fri Jan 10 15:13:59 2020 +0100
+++ b/printf/vasprintf.c        Mon Jan 13 09:38:16 2020 +0100
@@ -81,10 +81,7 @@
       va_copy (ap, orig_ap);
       ret = vsnprintf (d->buf + d->size, space, fmt, ap);
       if (ret == -1)
-        {
-          ASSERT (strlen (d->buf + d->size) == space-1);
-          ret = space-1;
-        }
+       return ret;

       /* done if output fits in our space */
       if (ret < space-1)
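Review bot: the early `return ret;` added in this hunk leaves the `va_list` obtained by `va_copy (ap, orig_ap);` two lines above without a matching `va_end (ap);`, which the C standard requires before the function returns; add `va_end (ap);` before the return, as in `if (ret == -1) { va_end (ap); return ret; }`. Also, the new line is indented with seven spaces where the removed block used eight under the same `if`, so it no longer lines up with the surrounding GNU-style body.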


Also here, there is a comment that says "glibc 2.0.x vsnprintf returns either -1 or size-1 for an overflow,[...] It's necessary to re-run to determine that size." and the case ret == size -1 is still handled as a special case.

But here the size is doubled twice. Here in the code by the lines:
      if (ret == space-1)
        space *= 2;     /* possible glibc 2.0.x, so double */
and again in the GMP_ASPRINTF_T_NEED macro, containing:
     newalloc = 2*newsize;

And I fear that size overflows are not detected in any way...

Bye,
m
_______________________________________________
gmp-devel mailing list
gmp-devel@gmplib.org
https://gmplib.org/mailman/listinfo/gmp-devel
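The two points raised in the post (treat a -1 from vsnprintf as an unrecoverable error, and guard the doubling of the buffer size against overflow) in one small helper. This is an added illustration, not GMP's code: grow_format is a hypothetical function, and the 16-byte initial size is a deliberately small constructed value so the growth path is exercised.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from GMP): format into a heap buffer that grows
 * by doubling.  A negative vsnprintf result is treated as a hard error and
 * the size is never doubled past SIZE_MAX.  Returns the length written and
 * stores the buffer in *out (caller frees it); returns -1 and sets *out to
 * NULL on any failure. */
static int grow_format (char **out, const char *fmt, ...)
{
  size_t space = 16;            /* constructed small start, forces growth */
  char *buf = NULL;
  va_list ap;

  *out = NULL;
  for (;;)
    {
      char *tmp = realloc (buf, space);
      if (tmp == NULL)
        { free (buf); return -1; }
      buf = tmp;

      va_start (ap, fmt);
      int ret = vsnprintf (buf, space, fmt, ap);
      va_end (ap);              /* every va_start/va_copy needs a va_end */

      if (ret < 0)              /* error, e.g. bad conversion: give up */
        { free (buf); return -1; }
      if ((size_t) ret < space) /* fit, including the terminating NUL */
        { *out = buf; return ret; }

      /* Output did not fit.  Old glibc only signals "too small" (ret ==
       * space-1), C99 reports the needed length; handle both, but check
       * the doubling before it can wrap around. */
      if (space > SIZE_MAX / 2)
        { free (buf); return -1; }
      space *= 2;
      if ((size_t) ret + 1 > space)
        space = (size_t) ret + 1;
    }
}
```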