Date: Tue, 04 Jun 2002 11:47:47 +0400 From: Igor Roboul <igorr@speechpro.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: misc/38884: bug in vfprinf.c function cvt(...) Message-ID: <E17F92h-000K3e-00@sysadm.stc>
next in thread | raw e-mail | index | archive | help
>Number: 38884
>Category: misc
>Synopsis: bug in vfprinf.c function cvt(...)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 04 00:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Igor Roboul
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD sysadm.stc 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Thu May 30 16:13:28 MSD 2002 root@sysadm.stc:/opt/freebsd/obj/opt/freebsd/src/sys/SYSADM i386
>Description:
Function cvt(double value, int ndigits, int flags, char *sign, int *decpt,
int ch, int *length, char **dtoaresultp) in vfprintf.c does not
check return value of __dtoa(...) for NaN or Infinity value. Because
of this mutt (mail program from ports) sometimes crashes with Sig 10 in
vfprintf when showing list of attachments or after exitiong from editor when
composing new message.
>How-To-Repeat:
Launch mutt. Then open some mail with attachments, then try get list of
attachments (press 'v'). Sometimes, really often, mutt crashes with Signal 10.
Same result you can get if you try send new message.
>Fix:
I have changed function cvt(...) in file /usr/src/lib/libc/stdio/vfprintf.c
so it checks for *decpt!=9999 (as commented in function __dtoa(...) in file
/usr/src/lib/libc/stdlib/strtod.c, value 9999 for *decpt indicates Infinity or
NaN)
Patch bellow:
--- vfprintf.c.orig Mon Jun 3 16:27:59 2002
+++ vfprintf.c Tue Jun 4 11:08:59 2002
@@ -1415,17 +1415,19 @@
digits = __dtoa(value, mode, ndigits, decpt, &dsgn, &rve,
dtoaresultp);
if ((ch != 'g' && ch != 'G') || flags & ALT) {
- /* print trailing zeros */
- bp = digits + ndigits;
- if (ch == 'f') {
- if (*digits == '0' && value)
- *decpt = -ndigits + 1;
- bp += *decpt;
- }
- if (value == 0) /* kludge for __dtoa irregularity */
- rve = bp;
- while (rve < bp)
- *rve++ = '0';
+ if(*decpt != 9999 ) { /* not (Infinity or NaN) */
+ /* print trailing zeros */
+ bp = digits + ndigits;
+ if (ch == 'f') {
+ if (*digits == '0' && value)
+ *decpt = -ndigits + 1;
+ bp += *decpt;
+ }
+ if (value == 0) /* kludge for __dtoa irregularity */
+ rve = bp;
+ while (rve < bp)
+ *rve++ = '0';
+ }
}
*length = rve - digits;
return (digits);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E17F92h-000K3e-00>