Bug 216590 - gcc -O2 -D_FORTIFY_SOURCE=2 truncates string
gcc -O2 -D_FORTIFY_SOURCE=2 truncates string
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: gcc (Show other bugs)
6
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-21 02:03 EST by Richard Chan
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-21 02:35:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard Chan 2006-11-21 02:03:30 EST
Description of problem:

Reuse same buffer in sprintf, i.e., 

 char buffer[50]="ABCDEF";
 sprintf(buffer, "%s+%d", buffer, 123456)

gives "+123456" instead of "ABCDEF+123456", i.e. buffer is truncated first to
"\0" before concatenating with "+123456".
Happens only with -D_FORTIFY_SOURCE=2 -O2

-O2 OR -D_FORTIFY_SOURCE=2 separately are ok.


Version-Release number of selected component (if applicable):
gcc 4.1.1-30
glibc 2.5-3


How reproducible:
Always


Steps to Reproduce:
1.  Test file
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char** argv)
{
        char buffer[50];
        sprintf(buffer, "ABCDEF");
        printf("%s\n", buffer);
        sprintf(buffer, "%s+%s", buffer, "123456");
        printf("%s\n", buffer);
}

2. Compile test file:
gcc -o testing testing.c -O2 -Wp,-D_FORTIFY_SOURCE=2
3. Run
./testing
 
Actual results:
ABCDEF
+123456

Expected results:
ABCDEF
ABCDEF+123456

Additional info:
Comment 1 Jakub Jelinek 2006-11-21 02:35:35 EST
The testcase is invalid. Please read:
http://www.opengroup.org/onlinepubs/009695399/functions/sprintf.html
"If copying takes place between objects that overlap as a result of a call to
sprintf() or snprintf(), the results are undefined."
That's the exact case here, and any result is conforming undefined behavior.
ISO C99 has similar wording for this.
Comment 2 Richard Chan 2006-11-21 20:44:39 EST
Aaaah - tks - audacious in Fedora Extras uses exactly this (undefined) construct
and is generating bad strings.

./Plugins/Input/cdaudio/cddb.c
 sprintf(buffer, "%s+%d", buffer, LBA(info->track[i]));
....

this is how I encountered the problem. I have referred this bug to audacious
maintainer (see 216571) and upstream.

Note You need to log in before you can comment on or make changes to this bug.