Bug 90987 - sprintf() is limited to 2^26 bytes.
Product: Red Hat Linux
Classification: Retired
Component: glibc
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Jakub Jelinek
Brian Brock
Reported: 2003-05-16 01:12 EDT by Féliciano Matias
Modified: 2016-11-24 10:04 EST
Fixed In Version: 2.3.2-43
Doc Type: Bug Fix
Last Closed: 2003-07-31 04:03:05 EDT

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:325 normal SHIPPED_LIVE : Updated glibc packages provide security and bug fixes 2003-11-12 00:00:00 EST

Description Féliciano Matias 2003-05-16 01:12:47 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
sprintf() doesn't handle strings bigger than 2^26 bytes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Use this source:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SIZE (1024*70000)
int main(void) {
    char * s = malloc(SIZE) ;
    char * d = malloc(SIZE) ;
    if (s == NULL || d == NULL) return 1 ;  /* allocation failed */
    memset(s, 'a', SIZE-1) ;
    s[SIZE-1] = '\0' ;  /* terminate the source string (SIZE-1 characters) */
    sprintf(d,"%s",s) ;  /* should copy all SIZE-1 characters */
    printf("%zu\n", strlen(d)) ;
    return 0 ;
}
compile:
$ gcc test.c
execute:
$ ./a.out

Actual Results:  67108863 (2^26-1)

Expected Results:  71679999

Additional info:

This causes me some trouble with postgresql (look at the end of the message):
Comment 1 Jakub Jelinek 2003-05-16 06:40:04 EDT
The culprit is the horribly complicated code in _IO_str_init_static.
Primary question, do we care about weirdo arches which glibc doesn't support
anyway? If not, I think
a) _IO_str_init_static_internal must take ssize_t size, not int
   (and just make _IO_str_init_static a wrapper with int size)
b) if size < 0, it should be IMHO just size = (char *)-1UL - ptr;
I will create a patch if you agree.
Comment 3 Ulrich Drepper 2003-06-09 23:22:40 EDT
The current glibc CVS code has been changed to not have this limitation anymore.
Comment 4 Féliciano Matias 2003-07-30 22:57:33 EDT
Solved in Severn. Up to 200 000 ko (don't have enough memory to do more).
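
A boundary regression check built on the reproducer in the description, as an added example that is not part of the original bug thread or of glibc's own tests: it compares sprintf()'s return value and the copied bytes against the source for buffer sizes on both sides of 2^26, and reports an allocation failure separately from a truncation. The function name check_sprintf_copy and the list of sizes are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns 1 if sprintf("%s") copied all size-1
 * characters, 0 if the output was truncated or altered, and -1 if the
 * check could not run (bad size or not enough memory). */
int check_sprintf_copy(size_t size)
{
    int ok = -1;
    char *s, *d;

    if (size < 2 || size - 1 > (size_t)INT_MAX)  /* sprintf returns int */
        return -1;
    s = malloc(size);
    d = malloc(size);
    if (s != NULL && d != NULL) {
        memset(s, 'a', size - 1);
        s[size - 1] = '\0';
        memset(d, 'x', size);            /* poison: stale bytes never match */
        int ret = sprintf(d, "%s", s);
        ok = ret >= 0 && (size_t)ret == size - 1   /* reported length */
             && memcmp(d, s, size) == 0;           /* bytes and terminator */
    }
    free(s);
    free(d);
    return ok;
}

int main(void)
{
    /* Buffer sizes straddling 2^26, plus SIZE from the report. */
    const size_t sizes[] = { ((size_t)1 << 26) - 1, (size_t)1 << 26,
                             ((size_t)1 << 26) + 1, (size_t)1024 * 70000 };
    int failed = 0;

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int r = check_sprintf_copy(sizes[i]);
        printf("%zu: %s\n", sizes[i],
               r == 1 ? "ok" : r == 0 ? "TRUNCATED" : "not run");
        failed |= (r == 0);
    }
    return failed;   /* non-zero exit status if any size was truncated */
}
```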
Comment 5 Jakub Jelinek 2003-07-31 04:03:05 EDT
Oops, forgot to update the bug.
Comment 6 Ulrich Drepper 2003-11-04 16:46:03 EST
Should also be solved in the RHL9 errata.  Test code at

