bug in __gmp_replacement_vsnprintf
Paul Zimmermann
Paul.Zimmermann at inria.fr
Mon Aug 21 10:59:13 CEST 2023
Hi,
here is a small program that exhibits the bug (for example on gcc231):
gcc231$ cat bug.c
#include <stdio.h>
#include <stdarg.h>
#include <gmp.h>

static void
foo (char **buf, const char *fmt, ...)
{
  va_list ap;
  va_start (ap, fmt);
  gmp_vasprintf (buf, fmt, ap);
  va_end (ap);
}

int
main (int argc, char **argv)
{
  char *buf[1];
  foo (buf, "%a", -1.25);
  printf ("buf='%s'\n", buf[0]);
}
gcc231$ cc -I. bug.c .libs/libgmp.a
.libs/libgmp.a(doprntf.o): In function `__gmp_doprnt_mpf2':
doprntf.c:(.text+0x2c4): warning: sprintf() is often misused, please use snprintf()
.libs/libgmp.a(repl-vsnprintf.o): In function `__gmp_replacement_vsnprintf':
repl-vsnprintf.c:(.text+0x3a8): warning: vsprintf() is often misused, please use vsnprintf()
gcc231$ ./a.out
repl-vsnprintf.c:389: GNU MP assertion failed: len < total_width
Abort trap (core dumped)
You can also reproduce on any other computer after uncommenting
#define HAVE_VSNPRINTF 1 in config.h.
Paul
PS: it would be nice to add some tests with %a or %A in tests/misc/t-printf.c
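
Added example, not part of the original message and not GMP code: the failed assertion above checks the written length against a width bound (total_width), and the sketch below shows the alternative of measuring the length with a first vsnprintf pass, then checking %a/%A output by round trip through strtod. The names measured_asprintf and hexfloat_roundtrip_ok are hypothetical, and a C99 libc with a conforming vsnprintf is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not a GMP function: the buffer size is measured
   with a first vsnprintf pass instead of being derived from the format. */
static int
measured_asprintf (char **out, const char *fmt, ...)
{
  va_list ap, ap2;
  int need;
  *out = NULL;
  va_start (ap, fmt);
  va_copy (ap2, ap);                     /* first pass consumes the copy */
  need = vsnprintf (NULL, 0, fmt, ap2);  /* C99: length excluding the NUL */
  va_end (ap2);
  if (need >= 0 && (*out = malloc ((size_t) need + 1)) != NULL
      && vsnprintf (*out, (size_t) need + 1, fmt, ap) != need)
    {
      free (*out);        /* second pass disagreed: report, do not abort */
      *out = NULL;
    }
  va_end (ap);
  return *out != NULL ? need : -1;
}

/* Returns 1 if FMT (a %a or %A conversion) applied to D gives a string of
   the reported length that strtod parses back to exactly D, else 0. */
static int
hexfloat_roundtrip_ok (const char *fmt, double d)
{
  char *buf;
  int ok, len = measured_asprintf (&buf, fmt, d);
  if (len < 0)
    return 0;
  ok = (size_t) len == strlen (buf) && strtod (buf, NULL) == d;
  free (buf);
  return ok;
}

int
main (void)
{
  /* Constructed inputs; -1.25 is the value from the report above. */
  printf ("%d %d\n", hexfloat_roundtrip_ok ("%a", -1.25),
          hexfloat_roundtrip_ok ("%A", 1e-300));
  return 0;
}
```

The round trip avoids comparing against a fixed string, since the leading hex digit that %a prints is implementation-defined.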