Subject: kern/2633: kprintf, small oversight in kern/subr_prf.c
To: None <gnats-bugs@NetBSD.ORG>
From: None <douzzer@mit.edu>
List: netbsd-bugs
Date: 07/15/1996 22:48:09
>Number:         2633
>Category:       kern
>Synopsis:       kprintf() array overrun
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 16 02:20:01 1996
>Last-Modified:
>Originator:     Daniel G. Pouzzner
>Organization:
just me
>Release:        1.2 alpha of 22 jun 1996
>Environment:
sparc IPX, currently 1.1 snap as listed below [not relevant to PR]
>Description:
if you have a fmt string that ends in "%l" kprintf will just keep
hurtling right past the terminating null (gets defaulted out).

>How-To-Repeat:
(roll your own)

>Fix:
insert this right after "reswitch:" in ${sys}/kern/subr_prf.c
(at line 394 in v.1-2-1.25 (some time around 22 june)):

                case '\0':
                        putchar('l', flags, tp); /* got at least one, anyway */
                        return;

the oversight is duplicated in ${sys}/lib/libsa/printf.c if that's of
any import.
>Audit-Trail:
>Unformatted:
>System: NetBSD lerome 1.1 NetBSD 1.1 (GENERIC_SCSI3) #9: Tue Nov 21 20:15:17 MET 1995 pk@neon:/usr/src1/sys/arch/sparc/compile/GENERIC_SCSI3 sparc
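
Added example, not part of the original report and not the NetBSD source: a simplified C model of the format loop described above, showing how a format ending in "%l" is read past its terminating NUL and how the proposed case '\0' stops at it. The names model_kprintf, sink, emit and sample are assumptions made for this illustration, and the sample buffer is constructed so that the bytes after the NUL are still inside the array.

```c
#include <stdio.h>
#include <string.h>
/* Constructed input: the format proper is "n=%l"; the bytes after its NUL
 * stand in for whatever follows the string in memory. */
static const char sample[] = "n=%l\0ADJACENT";
struct sink { char buf[64]; size_t len; };

static void emit(struct sink *s, int ch) {
    if (s->len < sizeof s->buf) s->buf[s->len++] = (char)ch;
}

/* Simplified model of the format loop (an assumption, not the NetBSD code);
 * arg feeds every %d or %ld. Returns the number of fmt bytes read, so a
 * result above strlen(fmt) + 1 means the parser ran past the terminator. */
static size_t model_kprintf(struct sink *s, int with_fix, const char *fmt, long arg) {
    const char *start = fmt;
    char num[24];
    int ch, lflag, n, i;
    for (;;) {
        while ((ch = (unsigned char)*fmt++) != '%') {
            if (ch == '\0') return (size_t)(fmt - start);
            emit(s, ch);
        }
        lflag = 0;
reswitch:
        switch (ch = (unsigned char)*fmt++) {
        case 'l': lflag = 1; goto reswitch;
        case 'd':
            n = snprintf(num, sizeof num, "%ld", lflag ? arg : (long)(int)arg);
            for (i = 0; i < n; i++) emit(s, num[i]);
            break;
        case '\0':
            if (with_fix) {            /* the case proposed in the report */
                emit(s, 'l');
                return (size_t)(fmt - start);
            }
            /* FALLTHROUGH: without that case, NUL is an unknown conversion */
        default:
            emit(s, '%');
            if (lflag) emit(s, 'l');
            emit(s, ch);               /* echoes the NUL, then scanning goes on */
            break;
        }
    }
}

int main(void) {
    struct sink a = {{0}, 0}, b = {{0}, 0};
    printf("unfixed read %zu bytes, fixed read %zu\n",
           model_kprintf(&a, 0, sample, 0), model_kprintf(&b, 1, sample, 0));
    return 0;
}
```

In this model the unfixed run reads all 14 bytes of the constructed buffer and echoes ADJACENT into the output; with the extra case it stops after 5 bytes and emits n=l.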