about summary refs log tree commit diff
diff options
context:
space:
mode:
authorPetr Baudis <pasky@suse.cz>2011-02-20 13:59:49 +0100
committerPetr Baudis <pasky@suse.cz>2011-05-27 00:02:15 +0200
commita4fd88c0fcf4e51825a540820bc9a95081f4f9fb (patch)
tree6e5a02b615e9acf1a2de27c7391af664ca5a3381
parentc55cc45ed76603b380489ee8c91ab5dce92e92f1 (diff)
downloadglibc-a4fd88c0fcf4e51825a540820bc9a95081f4f9fb.tar.gz
glibc-a4fd88c0fcf4e51825a540820bc9a95081f4f9fb.tar.xz
glibc-a4fd88c0fcf4e51825a540820bc9a95081f4f9fb.zip
Fix allocation when handling positional parameters in printf.
(cherry picked from commit 84a4211850e3d23a9d3a4f3b294752a3b30bc0ff)
-rw-r--r--ChangeLog9
-rw-r--r--stdio-common/Makefile2
-rw-r--r--stdio-common/bug23.c21
-rw-r--r--stdio-common/vfprintf.c5
4 files changed, 34 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 17c436dffe..25c8e7ee20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2011-01-27  Petr Baudis  <pasky@suse.cz>
+	    Ulrich Drepper  <drepper@gmail.com>
+
+	[BZ #12445]
+	* stdio-common/vfprintf.c (vfprintf): Pass correct newlen
+	to extend_alloca().
+	* stdio-common/bug23.c: New file.
+	* stdio-common/Makefile (tests): Add bug23.
+
 2011-02-16  Ryan S. Arnold  <rsa@us.ibm.com>
 
 	* sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h:
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 6aabfb6b54..6c71f1c37f 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -60,7 +60,7 @@ tests := tstscanf test_rdwr test-popen tstgetln test-fseek \
 	 tst-popen tst-unlockedio tst-fmemopen2 tst-put-error tst-fgets \
 	 tst-fwrite bug16 bug17 tst-swscanf tst-sprintf2 bug18 bug18a \
 	 bug19 bug19a tst-popen2 scanf13 scanf14 scanf15 bug20 bug21 bug22 \
-	 scanf16 scanf17 tst-setvbuf1 tst-grouping
+	 scanf16 scanf17 tst-setvbuf1 tst-grouping bug23
 
 test-srcs = tst-unbputc tst-printf
 
diff --git a/stdio-common/bug23.c b/stdio-common/bug23.c
new file mode 100644
index 0000000000..dcc5428078
--- /dev/null
+++ b/stdio-common/bug23.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <string.h>
+
+static char buf[32768];
+static const char expected[] = "\
+\n\
+a\n\
+abbcd55%%%%%%%%%%%%%%%%%%%%%%%%%%\n";
+
+static int
+do_test (void)
+{
+  snprintf (buf, sizeof (buf),
+	    "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
+	    "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n",
+	    "a", "b", "c", "d", 5);
+  return strcmp (buf, expected) != 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 6e0e85cd7c..ab7fa1371f 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-2008, 2009   Free Software Foundation, Inc.
+/* Copyright (C) 1991-2008, 2009, 2011   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -1676,7 +1676,8 @@ do_positional:
 	  {
 	    /* Extend the array of format specifiers.  */
 	    struct printf_spec *old = specs;
-	    specs = extend_alloca (specs, nspecs_max, 2 * nspecs_max);
+	    specs = extend_alloca (specs, nspecs_max,
+				   2 * nspecs_max * sizeof (*specs));
 
 	    /* Copy the old array's elements to the new space.  */
 	    memmove (specs, old, nspecs * sizeof (struct printf_spec));