arch-independent glibc printf segfault for "special" long double values

From: Jim Meyering
Subject: arch-independent glibc printf segfault for "special" long double values
Date: Fri, 08 Jun 2007 10:48:02 +0200
This started with Bruno Haible's bug report:
> printf crashes on some 'long double' values
> http://sourceware.org/bugzilla/show_bug.cgi?id=4586
I objected to the closure of that BZ:
http://thread.gmane.org/gmane.comp.lib.glibc.alpha/12394
because I don't want to have to use bulky *printf replacements
forever, just to avoid the potential of this glibc code to make
my applications vulnerable to a user-data-provoked segfault.
Note that I've changed the subject to emphasize that this is
architecture-independent. Well, at least it is not IA64-specific.
To trigger it you need a "long double" type longer than 8 bytes.
For example, it can cause GNU od to segfault.
On x86_64, you need to use -tf16 to get the long double interpretation.
On an i686-based system, it's a 12-byte quantity, so you need "-tf12".
Both of these systems are using libc-2.5:
On at least an AMD/x86_64:
$ perl -e 'print pack("LLLL", 0, 0, 32772, 0)' |od -tf16
[Exit 139 (SEGV)]
On an i686-based system:
$ perl -e 'print pack("LLLL", 0, 0, 32772, 0)' |od -tf12
[Exit 139 (SEGV)]
Thanks again to Jakub Jelinek for changing it.
Now, the above should print those values as FP zeros.
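As an added example, not code from this thread, from glibc or from coreutils: a C routine that classifies the 80-bit x87 extended-precision encoding of a raw long double image before it is handed to printf, so a program that formats untrusted bytes as long doubles (as od -tf12/-tf16 does) can reject encodings that are not valid IEEE values instead of relying on libc to cope with them. The class names, the function names and the host-format check are this example's own assumptions; the 16-byte input is the pattern from the message above (perl pack("LLLL", 0, 0, 32772, 0), little-endian).

```c
#include <float.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classes of the 10-byte x87 extended-precision encoding, decoded from the
   little-endian byte image exactly as od reads it from the input stream. */
enum x87_class {
    X87_ZERO, X87_DENORMAL, X87_PSEUDO_DENORMAL, X87_NORMAL,
    X87_UNNORMAL,        /* exponent nonzero, explicit integer bit clear: invalid */
    X87_INFINITY, X87_NAN,
    X87_PSEUDO_NAN_INF   /* all-ones exponent, integer bit clear: invalid */
};

static const char *x87_class_name(enum x87_class c)
{
    static const char *names[] = { "zero", "denormal", "pseudo-denormal", "normal",
                                   "unnormal", "infinity", "nan", "pseudo-nan/inf" };
    return names[c];
}

/* Decode the first 10 bytes of a little-endian long double image:
   bytes 0-7 = 64-bit significand (bit 63 is the explicit integer bit),
   bytes 8-9 = sign bit plus 15-bit exponent. */
enum x87_class x87_classify(const unsigned char *b)
{
    uint64_t mant = 0;
    for (int i = 7; i >= 0; i--)
        mant = (mant << 8) | b[i];
    unsigned exp = (((unsigned)b[9] << 8) | b[8]) & 0x7FFF;
    int jbit = (int)((mant >> 63) & 1);
    uint64_t frac = mant & 0x7FFFFFFFFFFFFFFFULL;

    if (exp == 0) {
        if (jbit) return X87_PSEUDO_DENORMAL;
        return frac ? X87_DENORMAL : X87_ZERO;
    }
    if (exp == 0x7FFF) {
        if (!jbit) return X87_PSEUDO_NAN_INF;
        return frac ? X87_NAN : X87_INFINITY;
    }
    return jbit ? X87_NORMAL : X87_UNNORMAL;
}

/* Encodings the x87 itself treats as invalid operands (since the 80387). */
int x87_encoding_is_valid(enum x87_class c)
{
    return c != X87_UNNORMAL && c != X87_PSEUDO_NAN_INF;
}

/* Assumption: the host's long double is the x87 80-bit format (padded to
   12 or 16 bytes on i386/x86_64); only then may the bytes be copied over it. */
int host_uses_x87_long_double(void)
{
#if (defined(__i386__) || defined(__x86_64__)) && LDBL_MANT_DIG == 64
    return 1;
#else
    return 0;
#endif
}

/* Format a raw long double image, but only after the encoding has been
   checked; invalid encodings are reported by name, never passed to printf. */
int format_long_double_bytes(const unsigned char *b, char *out, size_t outsz)
{
    enum x87_class c = x87_classify(b);
    if (!x87_encoding_is_valid(c))
        return snprintf(out, outsz, "<invalid x87 encoding: %s>", x87_class_name(c));
    if (!host_uses_x87_long_double())
        return snprintf(out, outsz, "<host long double is not x87>");
    long double v = 0.0L;      /* padding bytes beyond the 10 stay zero */
    memcpy(&v, b, 10);
    return snprintf(out, outsz, "%Lg", v);
}

/* Constructed inputs: the pattern from the message above, and 1.0L for
   comparison (significand 0x8000000000000000, exponent 0x3FFF). */
static const unsigned char page_pattern[16] =
    { 0, 0, 0, 0,  0, 0, 0, 0,  0x04, 0x80, 0, 0,  0, 0, 0, 0 };
static const unsigned char one_pattern[16] =
    { 0, 0, 0, 0,  0, 0, 0, 0x80,  0xFF, 0x3F, 0, 0,  0, 0, 0, 0 };

int main(void)
{
    char buf[64];
    format_long_double_bytes(page_pattern, buf, sizeof buf);
    printf("od pattern   : %s\n", buf);
    format_long_double_bytes(one_pattern, buf, sizeof buf);
    printf("1.0L pattern : %s\n", buf);
    return 0;
}
```

The page's pattern has exponent 4 with the explicit integer bit clear, which the classifier reports as an "unnormal"; the check is done on the byte image rather than on a long double value, so it works the same whether the host's long double is 12 or 16 bytes and does not depend on how any particular libc formats such an operand.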