From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
sprintf() doesn't handle strings bigger than 2^26 bytes.

Version-Release number of selected component (if applicable):
glibc-2.3.2-27.9

How reproducible:
Always

Steps to Reproduce:
Use this source:

test.c
===================================
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE (1024*70000)

int main(void)
{
    char * s = malloc(SIZE) ;
    char * d = malloc(SIZE) ;

    /* fill the source with SIZE-1 characters and terminate it */
    memset(s, 'a', SIZE-1) ;
    s[SIZE-1] = '\0' ;
    d[SIZE-1] = '\0' ;

    /* copy through sprintf() and report how many bytes arrived */
    sprintf(d,"%s",s) ;
    printf("%zu\n", strlen(d)) ;

    return 0 ;
}
===================================

compile:
$ gcc test.c
execute:
$ ./a.out

Actual Results:
67108863 (2^26-1)

Expected Results:
71679999

Additional info:
This causes me some trouble with postgresql (look at the end of the message):
http://archives.postgresql.org/pgsql-general/2003-05/msg00516.php

The culprit is the horribly complicated code in _IO_str_init_static. Primary question, do we care about weirdo arches which glibc doesn't support anyway? If not, I think a) _IO_str_init_static_internal must take ssize_t size, not int (and just make _IO_str_init_static a wrapper with int size) b) if size < 0, it should be IMHO just size = (char *)-1UL - ptr; I will create a patch if you agree.
The current glibc CVS code has been changed to not have this limitation anymore.
Solved in Severn. Up to 200 000 ko (don't have enough memory to do more).
Oops, forgot to update the bug.
Should also be solved in the RHL9 errata. Test code at ftp://people.redhat.com/jakub/glibc/errata/2.3.2-27.9.4/
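
A boundary check for the limit reported above, as an added example that is not part of the original report, the errata test code, or glibc. It formats strings just below, at, and above 2^26 bytes and compares both sprintf()'s return value and the resulting length against the source length, so a silently shortened result is caught instead of passed on. The helper name probe_sprintf and the chosen lengths are assumptions made for illustration.

```c
/* Added example: probes sprintf("%s") at lengths around the 2^26-byte
   limit from the report. probe_sprintf() is a hypothetical helper. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Call through a volatile pointer so the compiler cannot fold
   sprintf(d, "%s", s) into strcpy() and bypass libc's formatter. */
static int (*volatile libc_sprintf)(char *, const char *, ...) = sprintf;

/* Returns 0 if all len bytes were formatted, 1 if the output was cut
   short or the return value disagrees, -1 if allocation failed. */
int probe_sprintf(size_t len)
{
    char *src = malloc(len + 1);
    char *dst = malloc(len + 1);
    int rc = -1;

    if (src != NULL && dst != NULL) {
        memset(src, 'a', len);
        src[len] = '\0';
        memset(dst, 0, len + 1);  /* keeps strlen(dst) bounded if output is short */

        int ret = libc_sprintf(dst, "%s", src);
        rc = (ret >= 0 && (size_t)ret == len && strlen(dst) == len) ? 0 : 1;
    }
    free(src);
    free(dst);
    return rc;
}

int main(void)
{
    const size_t limit = (size_t)1 << 26;
    /* Last entry is the length used by the reporter's test.c. */
    const size_t lengths[] = { limit - 2, limit - 1, limit, 1024 * 70000 - 1 };
    int failed = 0;

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int rc = probe_sprintf(lengths[i]);
        printf("%zu bytes: %s\n", lengths[i],
               rc == 0 ? "ok" : rc == 1 ? "TRUNCATED" : "no memory");
        failed |= (rc != 0);
    }
    return failed;
}
```

The program exits non-zero if any length is truncated or cannot be allocated, so it can be run as a pass/fail check after a glibc update.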