2007-05-04 Ulrich Drepper <drepper@redhat.com>

	* stdio-common/vfprintf.c (process_string_arg): Adjust call to
	__mbsnrtowcs after last change.

2007-05-02  Jakub Jelinek  <jakub@redhat.com>

	* stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
	fixed length array for ignore.

2007-04-30  Ulrich Drepper  <drepper@redhat.com>

	[BZ #4438]
	* stdio-common/vfprintf.c (process_string_arg): Don't overflow the
	stack for large precisions.
	* stdio-common/test-vfprintf.c (main): Add test for large
	precision.

diff --git a/ChangeLog b/ChangeLog
index 43c79445ec6b362ab78e94540ef8518674a3360e..13cd8b896da9a81e5d39967b590e8a8250b00314 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2007-05-04  Ulrich Drepper  <drepper@redhat.com>
+
+       * stdio-common/vfprintf.c (process_string_arg): Adjust call to
+       __mbsnrtowcs after last change.
+
+2007-05-02  Jakub Jelinek  <jakub@redhat.com>
+
+       * stdio-common/vfprintf.c (process_string_arg): Use a VLA rather than
+       fixed length array for ignore.
+
+2007-04-30  Ulrich Drepper  <drepper@redhat.com>
+
+       [BZ #4438]
+       * stdio-common/vfprintf.c (process_string_arg): Don't overflow the
+       stack for large precisions.
+       * stdio-common/test-vfprintf.c (main): Add test for large
+       precision.
+
 2007-04-30  Jakub Jelinek  <jakub@redhat.com>
 
        * stdio-common/printf_fp.c (___printf_fp): Don't print negative sign

diff --git a/stdio-common/test-vfprintf.c b/stdio-common/test-vfprintf.c
index a683eac779e66ce6629a236b927e2d800a0b456c..a2f9c19ca23b3e1499746bf43c6650a40534d402 100644 (file)
--- a/stdio-common/test-vfprintf.c
+++ b/stdio-common/test-vfprintf.c
@@ -94,6 +94,7 @@ main (void)
       fprintf (fp, "%.*s", 30000, large);
       large[20000] = '\0';
       fprintf (fp, large);
+      fprintf (fp, "%-1.300000000s", "hello");
 
       if (fflush (fp) != 0 || ferror (fp) != 0 || fclose (fp) != 0)
        {
@@ -108,11 +109,12 @@ main (void)
                  setlocale (LC_ALL, NULL));
          exit (1);
        }
-      else if (st.st_size != 99999)
+      else if (st.st_size != 50000 + 30000 + 19999 + 5)
        {
          printf ("file size incorrect for locale %s: %jd instead of %jd\n",
                  setlocale (LC_ALL, NULL),
-                 (intmax_t) st.st_size, (intmax_t) 99999);
+                 (intmax_t) st.st_size,
+                 (intmax_t) 50000 + 30000 + 19999 + 5);
          res = 1;
        }
       else

diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 53339f307842bd2bfc5f826a21ca3fd27ab7d828..b92d1c4b6469c14ad93002ec15ea0dadfed80d27 100644 (file)
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -1159,19 +1159,26 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
                else                                                          \
                  {                                                           \
                    /* In case we have a multibyte character set the          \
-                      situation is more compilcated.  We must not copy       \
+                      situation is more complicated.  We must not copy       \
                       bytes at the end which form an incomplete character. */\
-                   wchar_t ignore[prec];                                     \
+                   size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\
+                   wchar_t ignore[ignore_size];                              \
                    const char *str2 = string;                                \
-                   mbstate_t ps;                                             \
+                   const char *strend = string + prec;                       \
+                   if (strend < string)                                      \
+                     strend = (const char *) UINTPTR_MAX;                    \
                                                                              \
+                   mbstate_t ps;                                             \
                    memset (&ps, '\0', sizeof (ps));                          \
-                   if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps)         \
-                       == (size_t) -1)                                       \
-                     {                                                       \
-                       done = -1;                                            \
-                       goto all_done;                                        \
-                     }                                                       \
+                                                                             \
+                   while (str2 != NULL && str2 < strend)                     \
+                     if (__mbsnrtowcs (ignore, &str2, strend - str2,         \
+                                       ignore_size, &ps) == (size_t) -1)     \
+                       {                                                     \
+                         done = -1;                                          \
+                         goto all_done;                                      \
+                       }                                                     \
+                                                                             \
                    if (str2 == NULL)                                         \
                      len = strlen (string);                                  \
                    else                                                      \