2008-12-07 04:00:09 |
Anders Kaseorg |
bug |
|
|
added bug |
2008-12-07 10:35:05 |
Anders Kaseorg |
gcc-4.3: status |
New |
Invalid |
|
2008-12-07 10:35:05 |
Anders Kaseorg |
gcc-4.3: statusexplanation |
|
C99 (at least the draft that’s available online) actually defines this code as invalid.
#include <stdio.h>
int sprintf(char * restrict s, const char * restrict format, ...);
“The sprintf function is equivalent to fprintf, except that the output is written into an array (specified by the argument s) rather than to a stream. A null character is written at the end of the characters written; it is not counted as part of the returned value. If copying takes place between objects that overlap, the behavior is undefined.”
So I guess the real answer is to fix the affected source. It might be nice to know if any software in Ubuntu is affected. |
|
2008-12-07 10:42:41 |
Anders Kaseorg |
bug |
|
|
assigned to owl (Ubuntu) |
2008-12-07 10:42:52 |
Anders Kaseorg |
bug |
|
|
assigned to barnowl (Ubuntu) |
2008-12-07 10:44:42 |
Anders Kaseorg |
bug |
|
|
assigned to nagios-plugins (Ubuntu) |
2008-12-07 10:45:13 |
Anders Kaseorg |
bug |
|
|
assigned to xmcd (Ubuntu) |
2008-12-07 10:46:46 |
Anders Kaseorg |
bug |
|
|
assigned to mpeg4ip (Ubuntu) |
2008-12-07 11:33:07 |
Anders Kaseorg |
bug |
|
|
assigned to 4g8 (Ubuntu) |
2008-12-07 11:37:11 |
Anders Kaseorg |
description |
Binary package hint: gcc-4.3
In Hardy and previous releases, one could use statements such as
sprintf(buf, "%s %s%d", buf, foo, bar);
to append formatted text to a buffer buf. Intrepid’s gcc-4.3, which has fortify source turned on by default when compiling with -O2, breaks this pattern. This introduced mysterious bugs into an application I was compiling (the BarnOwl IM client).
Test case: gcc -O2 sprintf-test.c -o sprintf-test
<http://web.mit.edu/andersk/Public/sprintf-test.c>:
#include <stdio.h>
char buf[80] = "not ";
int main()
{
sprintf(buf, "%sfail", buf);
puts(buf);
return 0;
}
This outputs "not fail" in Hardy, and "fail" in Intrepid.
The assembly output shows that the bug has been introduced by replacing the sprintf(buf, "%sfail", buf) call with __sprintf_chk(buf, 1, 80, "%sfail", buf). A workaround is to disable fortify source (gcc -U_FORTIFY_SOURCE).
One might argue that this usage of sprintf() is questionable. I had been under the impression that it is valid, and found many web pages that agree with me, though I was not able to find an authoritative statement either way citing the C specification. I decided to investigate how common this pattern is in real source code.
You can search a source file for instances of it with this regex:
perl -ne 'print if m/sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,/'
To determine how common the pattern is, I wrote a script to track down instances using Google Code Search, and found 2888 matches:
<http://web.mit.edu/andersk/Public/sprintf-results>
(For the curious: the script uses a variant of the regex above. I had to use a binary search to emulate backreferences, which aren’t supported by Code Search, so the script makes 46188 queries and takes a rather long time to run. The source is available at <http://web.mit.edu/andersk/Public/sprintf-codesearch.py>.)
My conclusion is that, whether or not this pattern is technically allowed by the C specification, it is common enough that the compiler should be fixed, if that is at all possible. |
Binary package hint: gcc-4.3
In Hardy and previous releases, one could use statements such as
sprintf(buf, "%s %s%d", buf, foo, bar);
to append formatted text to a buffer buf. Intrepid’s gcc-4.3, which has fortify source turned on by default when compiling with -O2, breaks this pattern. This introduced mysterious bugs into an application I was compiling (the BarnOwl IM client).
Test case: gcc -O2 sprintf-test.c -o sprintf-test
<http://web.mit.edu/andersk/Public/sprintf-test.c>:
#include <stdio.h>
char buf[80] = "not ";
int main()
{
sprintf(buf, "%sfail", buf);
puts(buf);
return 0;
}
This outputs "not fail" in Hardy, and "fail" in Intrepid.
The assembly output shows that the bug has been introduced by replacing the sprintf(buf, "%sfail", buf) call with __sprintf_chk(buf, 1, 80, "%sfail", buf). A workaround is to disable fortify source (gcc -U_FORTIFY_SOURCE).
One might argue that this usage of sprintf() is questionable. I had been under the impression that it is valid, and found many web pages that agree with me, though I was not able to find an authoritative statement either way citing the C specification. I decided to investigate how common this pattern is in real source code.
You can search a source file for instances of it with this regex:
pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
To determine how common the pattern is, I wrote a script to track down instances using Google Code Search, and found 2888 matches:
<http://web.mit.edu/andersk/Public/sprintf-results>
(For the curious: the script uses a variant of the regex above. I had to use a binary search to emulate backreferences, which aren’t supported by Code Search, so the script makes 46188 queries and takes a rather long time to run. The source is available at <http://web.mit.edu/andersk/Public/sprintf-codesearch.py>.)
My conclusion is that, whether or not this pattern is technically allowed by the C specification, it is common enough that the compiler should be fixed, if that is at all possible. |
|
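The report's own fix for affected source is to stop passing the destination buffer as a %s argument. The following is an added example, not code from the bug report, BarnOwl or glibc: a bounded append helper (buf_appendf, not_fail_demo and append_foo_bar are names chosen here) that formats at the current end of the buffer, so source and destination never overlap, and that reports truncation instead of overflowing.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Append formatted text after the string already in buf (capacity cap)
 * without passing buf itself as a %s argument, so source and destination
 * never overlap and the call is well-defined with or without _FORTIFY_SOURCE.
 * Returns vsnprintf's count (>= remaining room means truncation), or -1 if
 * buf holds no terminator within cap (nothing is written in that case). */
int buf_appendf(char *buf, size_t cap, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL) return -1;
    size_t used = (size_t)(end - buf);
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, cap - used, fmt, ap);
    va_end(ap);
    return n;
}

/* The report's test case with the overlap removed: yields "not fail"
 * regardless of whether fortify source is enabled. */
const char *not_fail_demo(char *buf, size_t cap)
{
    snprintf(buf, cap, "%s", "not ");
    buf_appendf(buf, cap, "%s", "fail");
    return buf;
}

/* Replacement for sprintf(buf, "%s %s%d", buf, foo, bar) from the
 * description: returns 1 if the appended text was truncated, 0 if it
 * fit, -1 if buf is not a terminated string. */
int append_foo_bar(char *buf, size_t cap, const char *foo, int bar)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL) return -1;
    size_t room = cap - (size_t)(end - buf);
    int n = buf_appendf(buf, cap, " %s%d", foo, bar);
    return n < 0 ? -1 : ((size_t)n >= room ? 1 : 0);
}

int main(void)
{
    char buf[80] = "", small[12] = "count:";   /* constructed sample buffers */
    puts(not_fail_demo(buf, sizeof buf));
    int t = append_foo_bar(small, sizeof small, "items", 123456);
    printf("%s (truncated=%d)\n", small, t);
    return 0;
}
```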
2008-12-07 11:38:33 |
Anders Kaseorg |
bug |
|
|
assigned to abiword (Ubuntu) |
2008-12-07 11:47:36 |
Anders Kaseorg |
bug |
|
|
assigned to ctn (Ubuntu) |
2008-12-07 11:48:56 |
Anders Kaseorg |
bug |
|
|
assigned to hypermail (Ubuntu) |
2008-12-07 11:50:13 |
Anders Kaseorg |
bug |
|
|
assigned to asterisk (Ubuntu) |
2008-12-07 11:51:11 |
Anders Kaseorg |
bug |
|
|
assigned to atomicparsley (Ubuntu) |
2008-12-07 11:52:13 |
Anders Kaseorg |
bug |
|
|
assigned to audacious-plugins (Ubuntu) |
2008-12-07 11:57:53 |
Anders Kaseorg |
bug |
|
|
assigned to billard-gl (Ubuntu) |
2008-12-07 11:58:42 |
Anders Kaseorg |
bug |
|
|
assigned to binutils (Ubuntu) |
2008-12-07 11:59:31 |
Anders Kaseorg |
bug |
|
|
assigned to blender (Ubuntu) |
2008-12-07 17:21:34 |
Kees Cook |
bug |
|
|
assigned to glibc (Ubuntu) |
2008-12-07 17:43:56 |
Kees Cook |
bug |
|
|
assigned to glibc |
2008-12-07 17:44:25 |
Kees Cook |
glibc: status |
New |
Confirmed |
|
2008-12-07 17:44:25 |
Kees Cook |
glibc: importance |
Undecided |
High |
|
2008-12-07 17:44:25 |
Kees Cook |
glibc: statusexplanation |
|
|
|
2008-12-07 17:52:40 |
Bug Watch Updater |
glibc: status |
Unknown |
Invalid |
|
2008-12-07 19:25:21 |
Kees Cook |
bug |
|
|
added attachment 'main.log' (report of search in main) |
2008-12-07 19:25:51 |
Kees Cook |
bug |
|
|
added attachment 'universe.log' (report of search in universe) |
2008-12-07 19:26:18 |
Kees Cook |
bug |
|
|
added attachment 'multiverse.log' (report of search in multiverse) |
2008-12-07 21:42:55 |
Kees Cook |
bug |
|
|
added attachment 'main.log' (main.log) |
2008-12-07 21:43:32 |
Kees Cook |
bug |
|
|
added attachment 'universe.log' (universe.log) |
2008-12-07 21:43:58 |
Kees Cook |
bug |
|
|
added attachment 'multiverse.log' (multiverse.log) |
2008-12-23 06:14:32 |
Anders Kaseorg |
bug |
|
|
added attachment 'instructions' (instructions file for proposed massfile) |
2008-12-23 06:20:58 |
Anders Kaseorg |
bug |
|
|
added attachment 'instructions' (instructions file for proposed massfile, v2) |
2008-12-24 06:13:56 |
Kees Cook |
bug |
|
|
added attachment 'no-sprintf-pre-truncate.diff' (no-sprintf-pre-truncate.diff) |
2008-12-24 19:00:12 |
Kees Cook |
4g8: status |
New |
Invalid |
|
2008-12-24 19:00:18 |
Kees Cook |
abiword: status |
New |
Invalid |
|
2008-12-24 19:00:22 |
Kees Cook |
asterisk: status |
New |
Invalid |
|
2008-12-24 19:00:27 |
Kees Cook |
atomicparsley: status |
New |
Invalid |
|
2008-12-24 19:00:30 |
Kees Cook |
audacious-plugins: status |
New |
Invalid |
|
2008-12-24 19:00:36 |
Kees Cook |
barnowl: status |
New |
Invalid |
|
2008-12-24 19:00:40 |
Kees Cook |
billard-gl: status |
New |
Invalid |
|
2008-12-24 19:00:46 |
Kees Cook |
binutils: status |
New |
Invalid |
|
2008-12-24 19:00:50 |
Kees Cook |
blender: status |
New |
Invalid |
|
2008-12-24 19:00:55 |
Kees Cook |
ctn: status |
New |
Invalid |
|
2008-12-24 19:00:59 |
Kees Cook |
gcc-4.3: status |
New |
Invalid |
|
2008-12-24 19:01:04 |
Kees Cook |
glibc: status |
New |
Invalid |
|
2008-12-24 19:01:09 |
Kees Cook |
hypermail: status |
New |
Invalid |
|
2008-12-24 19:01:14 |
Kees Cook |
mpeg4ip: status |
New |
Invalid |
|
2008-12-24 19:01:19 |
Kees Cook |
nagios-plugins: status |
New |
Invalid |
|
2008-12-24 19:01:24 |
Kees Cook |
owl: status |
New |
Invalid |
|
2008-12-24 19:01:33 |
Kees Cook |
xmcd: status |
New |
Invalid |
|
2008-12-24 19:01:39 |
Kees Cook |
4g8: status |
New |
Invalid |
|
2008-12-24 19:01:43 |
Kees Cook |
abiword: status |
New |
Invalid |
|
2008-12-24 19:01:49 |
Kees Cook |
asterisk: status |
New |
Invalid |
|
2008-12-24 19:01:57 |
Kees Cook |
atomicparsley: status |
New |
Invalid |
|
2008-12-24 19:02:02 |
Kees Cook |
audacious-plugins: status |
New |
Invalid |
|
2008-12-24 19:02:08 |
Kees Cook |
barnowl: status |
New |
Invalid |
|
2008-12-24 19:02:14 |
Kees Cook |
billard-gl: status |
New |
Invalid |
|
2008-12-24 19:02:19 |
Kees Cook |
binutils: status |
New |
Invalid |
|
2008-12-24 19:02:26 |
Kees Cook |
blender: status |
New |
Invalid |
|
2008-12-24 19:02:34 |
Kees Cook |
ctn: status |
New |
Invalid |
|
2008-12-24 19:02:39 |
Kees Cook |
glibc: status |
Confirmed |
Invalid |
|
2008-12-24 19:02:44 |
Kees Cook |
hypermail: status |
New |
Invalid |
|
2008-12-24 19:02:48 |
Kees Cook |
mpeg4ip: status |
New |
Invalid |
|
2008-12-24 19:02:52 |
Kees Cook |
nagios-plugins: status |
New |
Invalid |
|
2008-12-24 19:03:01 |
Kees Cook |
owl: status |
New |
Invalid |
|
2008-12-24 19:03:06 |
Kees Cook |
xmcd: status |
New |
Invalid |
|
2008-12-24 19:03:27 |
Kees Cook |
glibc: status |
Invalid |
Confirmed |
|
2008-12-24 19:03:27 |
Kees Cook |
glibc: assignee |
|
kees |
|
2008-12-24 19:03:27 |
Kees Cook |
glibc: importance |
Undecided |
High |
|
2008-12-24 19:03:27 |
Kees Cook |
glibc: statusexplanation |
|
Marking the source packages as Invalid, since they will be handled upstream. The glibc patch restores the original behavior, so it will get SRU'd into Intrepid and fixed in Jaunty. |
|
2008-12-24 19:03:58 |
Kees Cook |
glibc: status |
Invalid |
Fix Committed |
|
2008-12-24 19:03:58 |
Kees Cook |
glibc: assignee |
|
kees |
|
2008-12-24 19:03:58 |
Kees Cook |
glibc: statusexplanation |
|
|
|
2009-01-05 22:40:12 |
Launchpad Janitor |
glibc: status |
Fix Committed |
Fix Released |
|
2009-01-08 22:27:55 |
Kees Cook |
glibc: status |
Confirmed |
In Progress |
|
2009-01-08 22:27:55 |
Kees Cook |
glibc: statusexplanation |
Marking the source packages as Invalid, since they will be handled upstream. The glibc patch restores the original behavior, so it will get SRU'd into Intrepid and fixed in Jaunty. |
|
|
2009-01-08 22:29:20 |
Kees Cook |
bug |
|
|
added attachment 'glibc_2.8~20080505-0ubuntu8.debdiff' (glibc_2.8~20080505-0ubuntu8.debdiff) |
2009-01-08 22:31:11 |
Kees Cook |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2009-01-09 12:49:01 |
Martin Pitt |
glibc: status |
In Progress |
Fix Committed |
|
2009-01-09 12:49:39 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2009-01-29 08:00:54 |
Launchpad Janitor |
glibc: status |
Fix Committed |
Fix Released |
|
2010-02-22 22:19:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/intrepid-updates/glibc |
|
2010-02-22 22:22:12 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/jaunty/glibc |
|
2011-05-26 09:04:47 |
Bug Watch Updater |
glibc: importance |
Unknown |
Medium |
|
2019-02-23 03:55:43 |
Bug Watch Updater |
glibc: status |
Invalid |
Confirmed |
|