Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 14 November 2017 at 11:40, Liu Haowrote: > On 2017/11/14 9:58, Liu Hao wrote: >> On 2017/11/13 11:11, David Lee wrote: >>> Built and tested a cross compiler (i686-w64-mingw32-gcc 6.4.0) on >>> debian stretch with master mingw-w64. Same crash. >>> >> Yeah I just updated MSYS2's repos and observed the crash... can't imagine >> why it didn't crash a few days ago. >> >> The patch for mingw_vfscanf.c on SF is a bit complex so let me take a deep >> look at it. >> >> > > AFAICT the C99 standard doesn't treat the format strings of *scanf and w*canf > and differently. > That is, %s always designates a narrow string and %ls always designates a > wide string. So are %c and %lc. > > Basing on that, I think the fix in 72d60c1a06490ec5937e6c620956b167bf0bf329 > can be applied cleanly to its wide variant. > The patch attached is confirmed to fix the crash on x86_64 and i686. Please > review. > Tried on my cross compiler and the crash went away. Thanks. I need to test more (e.g. field width + assignment suppression for %s) though. David Lee. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 2017/11/14 9:58, Liu Hao wrote: > On 2017/11/13 11:11, David Lee wrote: >> Built and tested a cross compiler (i686-w64-mingw32-gcc 6.4.0) on >> debian stretch with master mingw-w64. Same crash. >> > Yeah I just updated MSYS2's repos and observed the crash... can't imagine why > it didn't crash a few days ago. > > The patch for mingw_vfscanf.c on SF is a bit complex so let me take a deep > look at it. > > AFAICT the C99 standard doesn't treat the format strings of *scanf and w*canf and differently. That is, %s always designates a narrow string and %ls always designates a wide string. So are %c and %lc. Basing on that, I think the fix in 72d60c1a06490ec5937e6c620956b167bf0bf329 can be applied cleanly to its wide variant. The patch attached is confirmed to fix the crash on x86_64 and i686. Please review. -- Best regards, LH_Mouse From c470391c15e8006c43bc8d3924d1ad44de94ed87 Mon Sep 17 00:00:00 2001 From: Liu HaoDate: Tue, 14 Nov 2017 10:16:24 +0800 Subject: [PATCH] stdio/mingw_wvfscanf.c: Fix segmentation fault when a char or string format (without malloc option) is used, like 72d60c1a06490ec5937e6c620956b167bf0bf329. Signed-off-by: Liu Hao --- mingw-w64-crt/stdio/mingw_wvfscanf.c | 24 +++- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/mingw-w64-crt/stdio/mingw_wvfscanf.c b/mingw-w64-crt/stdio/mingw_wvfscanf.c index 045aba79..043c19b4 100644 --- a/mingw-w64-crt/stdio/mingw_wvfscanf.c +++ b/mingw-w64-crt/stdio/mingw_wvfscanf.c @@ -104,13 +104,19 @@ get_va_nth (va_list argp, unsigned int n) } static void -optimize_alloc (int do_realloc, char **p, size_t sz, size_t need_sz, size_t typ_sz) +optimize_alloc (char **p, char *end, size_t alloc_sz) { + size_t need_sz; char *h; - if (!do_realloc || sz == need_sz || !p || *p == NULL) + if (!p || !*p) return; - if ((h = (char *) realloc (*p, need_sz * typ_sz)) != NULL) + + need_sz = end - *p; + if (need_sz == alloc_sz) +return; + + if ((h = (char *) realloc (*p, need_sz)) != NULL) *p = h; } @@ -629,7 +635,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) if ((flags & IS_SUPPRESSED) == 0) { - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (str - *pstr), sizeof (char)); + optimize_alloc (pstr, str, str_sz); pstr = NULL; ++rval; } @@ -708,7 +714,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) if ((flags & IS_SUPPRESSED) == 0) { - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - (wchar_t *) *pstr), sizeof (wchar_t)); + optimize_alloc (pstr, (char *) wstr, str_sz * sizeof (wchar_t)); pstr = NULL; ++rval; } @@ -824,7 +830,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) } *str++ = 0; - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (str - *pstr), sizeof (char)); + optimize_alloc (pstr, str, str_sz); pstr = NULL; ++rval; } @@ -903,7 +909,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) { *wstr++ = 0; - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - (wchar_t *) *pstr), sizeof (wchar_t)); + optimize_alloc (pstr, (char *) wstr, str_sz * sizeof (wchar_t)); pstr = NULL; ++rval; } @@ -1449,7 +1455,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) { *wstr++ = 0; - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - (wchar_t *) *pstr), sizeof (wchar_t)); + optimize_alloc (pstr, (char *) wstr, str_sz * sizeof (wchar_t)); pstr = NULL; ++rval; } @@ -1581,7 +1587,7 @@ __mingw_swformat (_IFP *s, const wchar_t *format, va_list argp) } *str++ = 0; - optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (str - *pstr), sizeof (char)); + optimize_alloc (pstr, str, str_sz); pstr = NULL; ++rval; } -- 2.14.2 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 2017/11/13 11:11, David Lee wrote: Built and tested a cross compiler (i686-w64-mingw32-gcc 6.4.0) on debian stretch with master mingw-w64. Same crash. Yeah I just updated MSYS2's repos and observed the crash... can't imagine why it didn't crash a few days ago. The patch for mingw_vfscanf.c on SF is a bit complex so let me take a deep look at it. -- Best regards, LH_Mouse -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 12 November 2017 at 15:28, David Leewrote: > On 11 November 2017 at 21:47, Hannes Domani via Mingw-w64-public > wrote: >> Am Samstag, 11. November 2017, 10:15:00 MEZ hat Liu Hao >> Folgendes geschrieben: >> >>> Debugging in assembly exposes indirection through a null pointer in >>> `mingw-w64-crt/stdio/mingw_wvfscanf.c` around or after line 906: >>> >>> ``` >>> optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - >>> (wchar_t *) *pstr), sizeof (wchar_t));` >>> ``` >> >> pstr==NULL, so the *pstr part crashes. >> >>> The CRT libraries of those toolchains were not compiled with debug >>> information. Further investigation might not be possible. >>> >>> I am not able to reproducible this problem on master. You might want to >>> try a newer version and see if the problem still exists. >> >> It doesn't look fixed on master, mingw_wvfscanf.c is the same in v5.x and >> master. >> >> But as far as I can tell this was fixed in mingw_vfscanf in here: >> https://sourceforge.net/p/mingw-w64/mailman/message/27912175/ >> https://sourceforge.net/p/mingw-w64/mingw-w64/ci/72d60c1a06490ec5937e6c620956b167bf0bf329/ >> >> There is even the suggestion that mingw_wvfscanf.c might need a similar fix, >> which was never done. >> > > Looks like the fix was in mingw_vfscanf.c but not in mingw_wvfscanf.c. > optimize_alloc() looks different in each file. > > I'll try building a GCC with master mingw-w64, test it and see what happens. > Built and tested a cross compiler (i686-w64-mingw32-gcc 6.4.0) on debian stretch with master mingw-w64. Same crash. David Lee. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 11 November 2017 at 21:47, Hannes Domani via Mingw-w64-publicwrote: > Am Samstag, 11. November 2017, 10:15:00 MEZ hat Liu Hao > Folgendes geschrieben: > >> Debugging in assembly exposes indirection through a null pointer in >> `mingw-w64-crt/stdio/mingw_wvfscanf.c` around or after line 906: >> >> ``` >> optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - >> (wchar_t *) *pstr), sizeof (wchar_t));` >> ``` > > pstr==NULL, so the *pstr part crashes. > >> The CRT libraries of those toolchains were not compiled with debug >> information. Further investigation might not be possible. >> >> I am not able to reproducible this problem on master. You might want to >> try a newer version and see if the problem still exists. > > It doesn't look fixed on master, mingw_wvfscanf.c is the same in v5.x and > master. > > But as far as I can tell this was fixed in mingw_vfscanf in here: > https://sourceforge.net/p/mingw-w64/mailman/message/27912175/ > https://sourceforge.net/p/mingw-w64/mingw-w64/ci/72d60c1a06490ec5937e6c620956b167bf0bf329/ > > There is even the suggestion that mingw_wvfscanf.c might need a similar fix, > which was never done. > Looks like the fix was in mingw_vfscanf.c but not in mingw_wvfscanf.c. optimize_alloc() looks different in each file. I'll try building a GCC with master mingw-w64, test it and see what happens. David Lee. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 2017/11/11 21:47, Hannes Domani via Mingw-w64-public wrote: Am Samstag, 11. November 2017, 10:15:00 MEZ hat Liu HaoFolgendes geschrieben: Debugging in assembly exposes indirection through a null pointer in `mingw-w64-crt/stdio/mingw_wvfscanf.c` around or after line 906: ``` optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - (wchar_t *) *pstr), sizeof (wchar_t));` ``` pstr==NULL, so the *pstr part crashes. No, on the master branch it does not crash. The CRT libraries of those toolchains were not compiled with debug information. Further investigation might not be possible. I am not able to reproducible this problem on master. You might want to try a newer version and see if the problem still exists. It doesn't look fixed on master, mingw_wvfscanf.c is the same in v5.x and master. But as far as I can tell this was fixed in mingw_vfscanf in here: https://sourceforge.net/p/mingw-w64/mailman/message/27912175/ https://sourceforge.net/p/mingw-w64/mingw-w64/ci/72d60c1a06490ec5937e6c620956b167bf0bf329/ There is even the suggestion that mingw_wvfscanf.c might need a similar fix, which was never done. Do it today? I just can't reproduce the problem so I can't test it. Sorry. -- Best regards, LH_Mouse -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
Am Samstag, 11. November 2017, 10:15:00 MEZ hat Liu HaoFolgendes geschrieben: > Debugging in assembly exposes indirection through a null pointer in > `mingw-w64-crt/stdio/mingw_wvfscanf.c` around or after line 906: > > ``` > optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - > (wchar_t *) *pstr), sizeof (wchar_t));` > ``` pstr==NULL, so the *pstr part crashes. > The CRT libraries of those toolchains were not compiled with debug > information. Further investigation might not be possible. > > I am not able to reproducible this problem on master. You might want to > try a newer version and see if the problem still exists. It doesn't look fixed on master, mingw_wvfscanf.c is the same in v5.x and master. But as far as I can tell this was fixed in mingw_vfscanf in here: https://sourceforge.net/p/mingw-w64/mailman/message/27912175/ https://sourceforge.net/p/mingw-w64/mingw-w64/ci/72d60c1a06490ec5937e6c620956b167bf0bf329/ There is even the suggestion that mingw_wvfscanf.c might need a similar fix, which was never done. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
Re: [Mingw-w64-public] swscanf() crashes if __USE_MINGW_ANSI_STDIO is defined
On 2017/11/11 12:41, David Lee wrote: Hello, Tried to compile and run the following C code on Windows (with gcc/mingw-w64), and it crashed at the swscanf() call: #define __USE_MINGW_ANSI_STDIO 1 #include int main(void) { wchar_t buf[] = L"1 2 3"; wchar_t field[10]; swscanf(buf, L"%ls", field); // crash wprintf(L"%ls\n", field); return 0; } This is not my original code. The original code is C++ which includes a C++ header which indirectly defines __USE_MINGW_ANSI_STDIO (after multiple levels of includes), so originally I didn't define this constant myself. At least the code here doesn't have C++ influences. I assumed that, if __USE_MINGW_ANSI_STDIO is defined to be 1, then the Microsoft convention of interpreting %s" is suppressed and C99 convention rules. It applies to *printf() so I assumed it applies to *scanf() as well. Instead the program crashed. The swscanf() call still crashed with different specifiers: "%s", and "%S" The compiler used were downloaded from here (5.4.0 and 6.4.0) https://sourceforge.net/projects/mingw-w64/files/Multilib%20Toolchains%28Targetting%20Win32%20and%20Win64%29/ Regards, David Lee. Debugging in assembly exposes indirection through a null pointer in `mingw-w64-crt/stdio/mingw_wvfscanf.c` around or after line 906: ``` optimize_alloc ((flags & IS_ALLOC_USED) != 0, pstr, str_sz, (wstr - (wchar_t *) *pstr), sizeof (wchar_t));` ``` The CRT libraries of those toolchains were not compiled with debug information. Further investigation might not be possible. I am not able to reproducible this problem on master. You might want to try a newer version and see if the problem still exists. -- Best regards, LH_Mouse -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public