James, thanks a lot for reporting that one. I've filed this bug:
6732957 small bug in dt_printf.c
Is anyone interested in submitting the fix? Is anyone from Sun interested in
sponsoring a contribution? Thanks.
Adam
On Mon, Jul 28, 2008 at 10:48:44PM -0700, James McIlree wrote:
>
> Here is an interesting one :-). Unfortunately I can't pass along a test
> case, but I think visual inspection of the code will be enough to see
> that f can be beyond format[0] when the snprintf() is called.
>
> James M
>
>
> +++ ./libdtrace/dt_printf.c 2008-07-28 16:54:04.000000000 -0700
> @@ -1476,10 +1476,10 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE
> width = 0;
>
> if (width != 0)
> - f += snprintf(f, sizeof (format), "%d", ABS(width));
> + f += snprintf(f, sizeof (format) - (f - format), "%d",
ABS(width));
>
> if (prec > 0)
> - f += snprintf(f, sizeof (format), ".%d", prec);
> + f += snprintf(f, sizeof (format) - (f - format), ".%d",
prec);
>
>
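Review bot: In both `f += snprintf(...)` lines the return value is still added to f without a check. snprintf() returns the length the output would have had, so after a truncated write f can end up past the end of format, and the `sizeof (format) - (f - format)` in the following call then wraps around to a very large size. A negative return would move f backwards as well. Suggest computing the remaining space once per call, comparing the return value against it, and advancing f only when the write fit.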
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss at opensolaris.org
--
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
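
An added example, not part of the original thread or the libdtrace source: a cursor-based append that passes snprintf-style calls only the space left in the buffer and refuses to advance on truncation. The names `buf_append` and `build_spec` are hypothetical, and `build_spec` is a constructed stand-in for the `format[]` logic in the patch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libdtrace code): append formatted text at *cur
 * within buf[0..size). Returns 0 on success, -1 on error or truncation;
 * on failure *cur does not move, so it never points outside buf. */
static int
buf_append(char *buf, size_t size, char **cur, const char *fmt, ...)
{
	size_t used = (size_t)(*cur - buf), left;
	va_list ap;
	int n;

	if (*cur < buf || used >= size)
		return (-1);	/* cursor already out of range */
	left = size - used;
	va_start(ap, fmt);
	n = vsnprintf(*cur, left, fmt, ap);
	va_end(ap);
	/* n is the length vsnprintf wanted, which can exceed 'left' */
	if (n < 0 || (size_t)n >= left) {
		**cur = '\0';	/* discard the partial write */
		return (-1);
	}
	*cur += n;
	return (0);
}

/* Constructed stand-in for the format[] logic: builds "%<width>.<prec>s". */
static int
build_spec(char *out, size_t size, int width, int prec)
{
	char *f = out;

	if (buf_append(out, size, &f, "%%") != 0)
		return (-1);
	if (width != 0 &&
	    buf_append(out, size, &f, "%d", width < 0 ? -width : width) != 0)
		return (-1);
	if (prec > 0 && buf_append(out, size, &f, ".%d", prec) != 0)
		return (-1);
	return (buf_append(out, size, &f, "s"));
}

int main(void)
{
	char spec[8];	/* constructed sample input: width -10, precision 3 */
	printf("%d %s\n", build_spec(spec, sizeof (spec), -10, 3), spec);
	return (0);
}
```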