On Thu, 7 Feb 2008, Carmelo AMOROSO wrote: > The fix I committed I think it's better... because solve the stack > overflow but keep the check against > higher character. > I tested it and it works. Let me know your comments.
Hi, One of the concerns I had with that loop is that it always aborts the parser if it trips on a "wider" character during the copy, even if it wasn't part of the format specifier. For instance: wprintf(L"%d %d %d \x0101\n", 1, 2, 3); I don't know if this is a problem in real life, but I erred on the side of caution and wound up using this fix: --- uClibc-nptl-0.9.29-20070423.orig/libc/stdio/_vfprintf.c 2006-06-19 19:32:05.000000000 -0700 +++ uClibc-nptl-0.9.29-20070423/libc/stdio/_vfprintf.c 2008-01-16 15:18:19.000000000 -0800 @@ -893,10 +893,13 @@ fmt = buf + 1; i = 0; do { + if(i == sizeof(buf)) + break; if ((buf[i] = (char) (((wchar_t *) ppfs->fmtpos)[i-1])) != (((wchar_t *) ppfs->fmtpos)[i-1]) ) { - return -1; + buf[i] = 0; + break; } } while (buf[i++]); buf[sizeof(buf)-1] = 0; _______________________________________________ uClibc mailing list uClibc@uclibc.org http://busybox.net/cgi-bin/mailman/listinfo/uclibc