Debian Bug report logs -
#22541
libc6: snprintf incorrect return value
Reported by: Giuliano P Procida <gpp10@cam.ac.uk>
Date: Sun, 17 May 1998 17:33:00 UTC
Severity: normal
Found in version 2.0.7pre3-1
Done: Joel Klecker <jk@espy.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Dale Scheetz <dwarf@polaris.net>:
Bug#22541; Package libc6.
(full text, mbox, link).
Acknowledgement sent to Giuliano P Procida <gpp10@cam.ac.uk>:
New bug report received and forwarded. Copy sent to Dale Scheetz <dwarf@polaris.net>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libc6
Version: 2.0.7pre3-1
The function call
snprintf (<any pointer>, 0, "foo");
should return -1, but instead returns 0. A similar statement applies
to vnsprintf.
I hope this report is of some use.
Giuliano Procida.
-- System Information
Debian Release: 2.0 (frozen)
Kernel Version: Linux hilfy 2.0.34 #1 Wed Apr 22 22:51:55 BST 1998 i586 unknown
Versions of the packages libc6 depends on:
ii ldso 1.9.8-1 The Linux dynamic linker, library and utilit
Information forwarded to Dale Scheetz <dwarf@polaris.net>:
Bug#22541; Package libc6.
(full text, mbox, link).
Acknowledgement sent to Giuliano P Procida <gpp10@cam.ac.uk>:
Extra info received and forwarded to maintainer. Copy sent to Dale Scheetz <dwarf@polaris.net>.
(full text, mbox, link).
Message #10 received at 22541-maintonly@bugs.debian.org (full text, mbox, reply):
#include <stdio.h>
#include <stdarg.h>
int main () {
char buffer[10];
int stat;
int i;
for (i = -2; i < 6; ++i) {
stat = snprintf (buffer, i, "foo");
printf ("i: %d, stat: %d, expected: %d\n", i , stat, i < 4 ? -1 : 3);
}
return 0;
}
/* i: -2, stat: 3, expected: -1
i: -1, stat: 3, expected: -1
i: 0, stat: 0, expected: -1
i: 1, stat: 3, expected: -1
i: 2, stat: -1, expected: -1
i: 3, stat: -1, expected: -1
i: 4, stat: 3, expected: 3
i: 5, stat: 3, expected: 3 */
In general, these cases are broken:
-ve numbers: well, this is arguable
zero: has been special cased in the source for some reason
one: Real Bug(TM)
Unless there is some compelling reason for special casing, I would
suggest replacing the occurance(s) of:
if (MAXLEN == 0) return 0;
with
/* we always need 1 byte for the \0
XXX what about wide characters? */
if (MAXLEN < 1) return -1;
I hope this helps.
Giuliano Procida.
--
mail: gpp10@cam.ac.uk / myxie@debian.org | public PGP key ID: 93898735
home: +44 1223 561237 / 547 Newmarket Road, Cambridge CB5 8PA, UK
work: +44 1223 332127 / Magdalene College, Cambridge CB3 0AG, UK
work: +44 1223 335333 / International Studies, Cambridge CB2 1QY, UK
Information forwarded to debian-bugs-dist@lists.debian.org, Dale Scheetz <dwarf@polaris.net>:
Bug#22541; Package libc6.
(full text, mbox, link).
Acknowledgement sent to Giuliano P Procida <gpp10@cam.ac.uk>:
Extra info received and forwarded to list. Copy sent to Dale Scheetz <dwarf@polaris.net>.
(full text, mbox, link).
Message #15 received at 22541@bugs.debian.org (full text, mbox, reply):
Here is some more! Please ignore previous witterings which indicated
that I had forgotten that size_t is unsigned!
#include <stdio.h>
#include <stdarg.h>
int main () {
char b[9];
int stat;
int i;
for (i = 0; i < 5; ++i) {
stat = snprintf (b, i, "foo");
printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
}
for (i = -1; i < 5; ++i) {
stat = snprintf (b, i, "foo");
printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
}
return 0;
}
i 0, got 0, exp -1 <- sick
i 1, got -1, exp -1 <- works OK
i 2, got -1, exp -1
i 3, got -1, exp -1
i 4, got 3, exp 3
i 4294967295, got 3, exp 3 <- throw in MAX_UINT
i 0, got 0, exp -1 <- sick
i 1, got 3, exp -1 <- BROKEN this time
i 2, got -1, exp -1
i 3, got -1, exp -1
i 4, got 3, exp 3
I also tried "fo" and got a different result. Two different computers,
same compiler and library.
Giuliano Procida.
Information forwarded to debian-bugs-dist@lists.debian.org, Joel Klecker <debian-glibc@lists.debian.org>:
Bug#22541; Package libc6.
(full text, mbox, link).
Acknowledgement sent to Kevin Ryde <user42@zip.com.au>:
Extra info received and forwarded to list. Copy sent to Joel Klecker <debian-glibc@lists.debian.org>.
(full text, mbox, link).
Message #20 received at 22541@bugs.debian.org (full text, mbox, reply):
Giuliano P Procida <gpp10@cam.ac.uk> writes:
>
> Here is some more! Please ignore previous witterings which indicated
> that I had forgotten that size_t is unsigned!
>
> #include <stdio.h>
> #include <stdarg.h>
> int main () {
> char b[9];
> int stat;
> int i;
> for (i = 0; i < 5; ++i) {
> stat = snprintf (b, i, "foo");
> printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
> }
> for (i = -1; i < 5; ++i) {
> stat = snprintf (b, i, "foo");
> printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
> }
> return 0;
> }
>
> i 0, got 0, exp -1 <- sick
> i 1, got -1, exp -1 <- works OK
> i 2, got -1, exp -1
> i 3, got -1, exp -1
> i 4, got 3, exp 3
> i 4294967295, got 3, exp 3 <- throw in MAX_UINT
> i 0, got 0, exp -1 <- sick
> i 1, got 3, exp -1 <- BROKEN this time
> i 2, got -1, exp -1
> i 3, got -1, exp -1
> i 4, got 3, exp 3
I just gave snprintf() a try in libc6 2.1.2-11 and it now returns 3 in
all the above cases, which is correct per the change to ISO C9x
described in the info docs for snprintf(), so I think this bug could
be closed.
Reply sent to Joel Klecker <jk@espy.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Giuliano P Procida <gpp10@cam.ac.uk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #25 received at 22541-done@bugs.debian.org (full text, mbox, reply):
At 08:03 +1000 2000-01-16, Kevin Ryde wrote:
>Giuliano P Procida <gpp10@cam.ac.uk> writes:
>>
>> Here is some more! Please ignore previous witterings which indicated
>> that I had forgotten that size_t is unsigned!
>>
>> #include <stdio.h>
>> #include <stdarg.h>
>> int main () {
>> char b[9];
>> int stat;
>> int i;
>> for (i = 0; i < 5; ++i) {
>> stat = snprintf (b, i, "foo");
>> printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
>> }
>> for (i = -1; i < 5; ++i) {
>> stat = snprintf (b, i, "foo");
>> printf ("i %u, got %d, exp %d\n", i, stat, (size_t) i < 4 ? -1 : 3);
>> }
>> return 0;
>> }
>>
>> i 0, got 0, exp -1 <- sick
>> i 1, got -1, exp -1 <- works OK
>> i 2, got -1, exp -1
>> i 3, got -1, exp -1
>> i 4, got 3, exp 3
>> i 4294967295, got 3, exp 3 <- throw in MAX_UINT
>> i 0, got 0, exp -1 <- sick
>> i 1, got 3, exp -1 <- BROKEN this time
>> i 2, got -1, exp -1
>> i 3, got -1, exp -1
>> i 4, got 3, exp 3
>
>
>I just gave snprintf() a try in libc6 2.1.2-11 and it now returns 3 in
>all the above cases, which is correct per the change to ISO C9x
>described in the info docs for snprintf(), so I think this bug could
>be closed.
Thanks for noticing this, I will do so.
--
Joel Klecker (aka Espy) <URL:mailto:espy@debian.org>
Debian Package Maintainer for the GNU C Library.
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Apr 19 01:11:35 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.