NetBSD-Bugs archive


Re: toolchain/50758: [src/tools/compat/snprintf.c:192]: (error) Array 'rep[9]' accessed at index 10, which is out of bounds.



The following reply was made to PR toolchain/50758; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: toolchain/50758: [src/tools/compat/snprintf.c:192]: (error)
 Array 'rep[9]' accessed at index 10, which is out of bounds.
Date: Tue, 31 May 2016 02:58:03 +0000

 On Wed, Feb 03, 2016 at 10:15:00AM +0000, dcb314%hotmail.com@localhost wrote:
  > Source code is
  > 
  >      (*state->append_char)(state, rep[10] + 23); /* XXX */
  > 
  > but function append_number is sometimes called with rep for octal only.
  > 
  >     len += append_number (state, arg, 010, "01234567",
  >                   width, prec, flags, 0);
  > 
  > Octal numbers are pretty rare these days.
  > 
  > I think this would be another bug caught by -D_FORTIFY_SOURCE=2.
 
 Nope, it's a false positive. Right before the line you cite is
 
     if(base == 16)
 
 which rules out the octal and decimal cases where rep[10] isn't there.
 
 (rep[10] + 23 gives either 'x' or 'X'; it looks to me like the code
 prints x0abcd instead of 0xabcd and that seems like a bug, but that's
 not related.)
 
 -- 
 David A. Holland
 dholland%netbsd.org@localhost
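
The guard described in the reply above, as an added example that is not part of the original message or of NetBSD's snprintf.c: a constructed C sketch in which `fmt_unsigned` (a hypothetical name) reads `rep[10]` only when `base == 16`, and also checks the alphabet length so the invariant does not depend on every caller passing a matching `rep`.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sketch, not the code in src/tools/compat/snprintf.c.
 * Formats v in the given base using the digit alphabet rep. When alt is
 * set and base is 16, a 0x/0X prefix is derived from rep[10].
 * Returns the length written, or 0 if the arguments are inconsistent
 * or the buffer is too small. */
static size_t fmt_unsigned(char *out, size_t outsz, unsigned long v,
                           unsigned base, const char *rep, int alt)
{
    char tmp[sizeof(unsigned long) * 8 + 2]; /* base-2 digits, or hex + prefix */
    size_t n = 0, i;

    /* Explicit form of the invariant the base == 16 guard relies on:
     * rep must hold at least `base` digits, so rep[10] exists for hex. */
    if (base < 2 || base > 16 || strlen(rep) < base)
        return 0;

    do {                                /* digits, least significant first */
        tmp[n++] = rep[v % base];
        v /= base;
    } while (v != 0);

    if (alt && base == 16) {            /* only hex ever reaches rep[10] */
        tmp[n++] = (char)(rep[10] + 23);    /* 'a'+23 = 'x', 'A'+23 = 'X' */
        tmp[n++] = '0';
    }

    if (n + 1 > outsz)                  /* need room for the NUL as well */
        return 0;
    for (i = 0; i < n; i++)             /* reverse into the caller's buffer */
        out[i] = tmp[n - 1 - i];
    out[n] = '\0';
    return n;
}
```

With the length check in place, a call that pairs base 16 with the octal alphabet `"01234567"` is rejected instead of reading past the end of the string.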
 

