Bug 90987 - sprintf() is limited to 2^26 bytes.
Summary: sprintf() is limited to 2^26 bytes.
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: glibc
Version: 9
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
Reported: 2003-05-16 05:12 UTC by Féliciano Matias
Modified: 2016-11-24 15:04 UTC
CC: 4 users

Fixed In Version: 2.3.2-43
Last Closed: 2003-07-31 08:03:05 UTC
Links
Red Hat Product Errata RHSA-2003:325 (priority normal, status SHIPPED_LIVE): Updated glibc packages provide security and bug fixes. Last updated 2003-11-12 05:00:00 UTC.

Description Féliciano Matias 2003-05-16 05:12:47 UTC

Description of problem:
sprintf() doesn't handle strings bigger than 2^26 bytes.

Version-Release number of selected component (if applicable):
glibc-2.3.2-27.9

How reproducible:
Always

Steps to Reproduce:
Use this source :
test.c
===================================
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SIZE (1024*70000)
int main(void) {
    char * s = malloc(SIZE) ;
    char * d = malloc(SIZE) ;
    if (s == NULL || d == NULL) {
        perror("malloc") ;
        return 1 ;
    }
    memset(s, 'a', SIZE-1) ;   /* SIZE-1 bytes of 'a' ...                    */
    s[SIZE-1] = '\0' ;         /* ... terminated explicitly (malloc does not zero) */
    sprintf(d,"%s",s) ;        /* should copy all SIZE-1 bytes plus the NUL   */
    printf("%zu\n", strlen(d)) ;
    free(s) ;
    free(d) ;
    return 0 ;
}
===================================
compile :
$ gcc test.c
execute :
$ ./a.out


Actual Results:  67108863 (2^26-1)

Expected Results:  71679999

Additional info:

This caused me some trouble with postgresql (see the end of the message):
http://archives.postgresql.org/pgsql-general/2003-05/msg00516.php

Comment 1 Jakub Jelinek 2003-05-16 10:40:04 UTC
The culprit is the horribly complicated code in _IO_str_init_static.
Primary question, do we care about weirdo arches which glibc doesn't support
anyway? If not, I think
a) _IO_str_init_static_internal must take ssize_t size, not int
   (and just make _IO_str_init_static a wrapper with int size)
b) if size < 0, it should be IMHO just size = (char *)-1UL - ptr;
I will create a patch if you agree.
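
As an added illustration, not code from this bug report or from glibc: the C program below models the two sizing policies contrasted in Comment 1. The first is an int-bounded power-of-two search of the kind a "size < 0 means the buffer continues indefinitely" string stream could use; its shape and its 2^26 bound are an assumption chosen so that it reproduces the reporter's 67108863 result, not code quoted on this page. The second is proposal (b), everything from ptr to the top of the address space, computed in a pointer-sized type rather than int. The program also carries the check a caller can apply today regardless of the libc in use: format with snprintf and an explicit capacity, then compare the return value with the length that was expected, so a silently short write is reported instead of handed on to the next layer (the PostgreSQL symptom in the description).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bound observed in the report: output stops at 2^26 - 1 bytes. */
#define OBSERVED_LIMIT 0x4000000L   /* 2^26 */

/* Model of a "size < 0 means indefinite" sizing heuristic: double a
   candidate while it stays positive as an int, does not wrap the address
   and stays below 2^26, then top up with decreasing powers of two.
   Assumption: the shape and constant are chosen to match the reported
   2^26-1 result; this is not code copied from glibc or from this page. */
static size_t legacy_indefinite_size(const char *ptr)
{
    uintptr_t base = (uintptr_t)ptr;
    int size = 512;
    for (;;) {
        int s = 2 * size;
        if (!(s > 0 && base + (uintptr_t)s > base && s < OBSERVED_LIMIT))
            break;
        size = s;
    }
    for (int s = size >> 1; s > 0; s >>= 1)
        if (base + (uintptr_t)size + (uintptr_t)s > base)
            size += s;
    return (size_t)size;
}

/* Comment 1, proposal (b): for an indefinite buffer use everything from
   ptr up to the top of the address space, in a pointer-sized type. */
static size_t proposed_indefinite_size(const char *ptr)
{
    return (size_t)(UINTPTR_MAX - (uintptr_t)ptr);
}

/* Length a formatted write of `want` characters would leave in the buffer
   under a sizing policy (model: output is capped at the computed size). */
static size_t modeled_output_length(const char *ptr, size_t want,
                                    size_t (*size_policy)(const char *))
{
    size_t limit = size_policy(ptr);
    return want < limit ? want : limit;
}

/* Defensive wrapper: snprintf with an explicit capacity, then compare the
   return value and the resulting string with the length we expected.
   Returns 0 on success, a negative code otherwise. */
static int checked_copy(char *dst, size_t cap, const char *src)
{
    size_t want = strlen(src);
    int n = snprintf(dst, cap, "%s", src);
    if (n < 0)
        return -1;                 /* formatting error */
    if ((size_t)n >= cap)
        return -2;                 /* output truncated to fit cap */
    if ((size_t)n != want || strlen(dst) != want)
        return -3;                 /* library produced less than it should */
    return 0;
}

int main(void)
{
    const size_t want = 1024 * 70000 - 1;   /* the report's SIZE - 1 */
    char probe;
    printf("legacy policy:   %zu bytes written\n",
           modeled_output_length(&probe, want, legacy_indefinite_size));
    printf("proposed policy: %zu bytes written\n",
           modeled_output_length(&probe, want, proposed_indefinite_size));

    /* Constructed input: SIZE-1 bytes of 'a', as in the reproducer. */
    char *src = malloc(want + 1), *dst = malloc(want + 1);
    if (src == NULL || dst == NULL)
        return 1;
    memset(src, 'a', want);
    src[want] = '\0';
    printf("checked_copy: %d\n", checked_copy(dst, want + 1, src));
    free(src);
    free(dst);
    return 0;
}
```

The modeled legacy policy yields exactly 67108863 for the reporter's 71679999-byte write, while the pointer-sized policy lets the full length through; checked_copy returns 0 only when the return value, the capacity and the produced string all agree.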

Comment 3 Ulrich Drepper 2003-06-10 03:22:40 UTC
The current glibc CVS code has been changed to not have this limitation anymore.

Comment 4 Féliciano Matias 2003-07-31 02:57:33 UTC
Solved in Severn. Up to 200 000 KB (don't have enough memory to do more).

Comment 5 Jakub Jelinek 2003-07-31 08:03:05 UTC
Oops, forgot to update the bug.

Comment 6 Ulrich Drepper 2003-11-04 21:46:03 UTC
Should also be solved in the RHL9 errata.  Test code at

  ftp://people.redhat.com/jakub/glibc/errata/2.3.2-27.9.4/
