develooper Front page | perl.perl5.porters | Postings from September 2013

Buggy gcc sprintf()

Thread Next
From:
Karl Williamson
Date:
September 12, 2013 03:43
Subject:
Buggy gcc sprintf()
Message ID:
52313841.2000505@khwilliamson.com
Blead was broken on some platforms for much of yesterday as a result of 
a bug in sprintf that got exposed.  As a result, I'm proposing the 
attached patch to perlhacktips.pod, with a request for wording 
improvements.  The commit message that changed to not use sprintf 
further explains:

commit 9c7618beec18b3be96ea929c073bb3a5beed04ce
Author: Karl Williamson <public@khwilliamson.com>
Date:   Tue Sep 10 20:40:25 2013 -0600

regcomp.c: Use Perl_form() instead of buggy sprintf

Commit 4cabb89a737018190d4e09360a6615e19160709f introduced tests which 
include trying to look up a Unicode property whose name is an upper 
Latin-range character.  This caused errors and a segfault on some but 
not all patforms.  It also turns out that the error is in some locales 
but not others.

The problem was there all along, and this commit merely exposed it; and 
the bug is in the libc sprintf() for those platforms, which was used to 
create the look-up property name.  This version of sprintf() turns out 
to be locale-sensitive, and in a UTF-8 locale, it refuses to format a %s 
that isn't valid UTF-8.  My guess is that sprintf and printf share 
implementation, and such sensitivity may be warranted for printf, but 
certainly not for sprintf.  It is undocumented behavior.  And it is 
incorrect UTF-8 handling even if one were to output UTF-8 only.  The 
reason for that is any malformed text should be turned into the 
REPLACEMENT CHARACTER, not just skipped over.  This is a potential 
security hole in in this sprintf() version.

The solution I ended up for Perl is to replace the sprintf() with 
Perl_form().  I also looked at my_strlcpy() and friends.  Neither one is 
as convenient as the buggy sprintf.  Feel free to replace this with 
something better.

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About