toolchain/50758: [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.

To: toolchain-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: toolchain/50758: [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.
From: dcb314%hotmail.com@localhost
Date: Wed, 3 Feb 2016 10:15:00 +0000 (UTC)

>Number:         50758
>Category:       toolchain
>Synopsis:       [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    toolchain-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 03 10:15:00 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160203
>Organization:
>Environment:
>Description:

Source code is

     (*state->append_char)(state, rep[10] + 23); /* XXX */

but function append_number is sometimes called with rep for octal only.

    len += append_number (state, arg, 010, "01234567",
                  width, prec, flags, 0);

Octal numbers are pretty rare these days.

I think this would be another bug caught by -D_FORTIFY_SOURCE=2.



>How-To-Repeat:

>Fix:

Prev by Date: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
Next by Date: port-x68k/50759: [src/sys/arch/x68k/dev/zs.c:159]: (error) Array 'zs_physaddr[5]' accessed at index 5, which is out of bounds.
Previous by Thread: bin/50757: src/usr.sbin/sysinst/arch/mac68k/md.c: 2 * array index out of range ?
Next by Thread: Re: toolchain/50758: [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.
Indexes:

Home | Main Index | Thread Index | Old Index