Public bug reported:
The C99 specification states for swprintf (section 7.24.2.3):
> The swprintf function is equivalent to fwprintf, except that the
> argument s specifies an array of wide characters into which the
> generated output is to be written, rather than written to a stream. No
> more than n wide characters are written, including a terminating null
> wide character, which is always added (unless n is zero).
My interpretation is that "always" includes failure, including truncation
error. However, it appears that swprintf from glibc does NOT
NUL-terminate on truncation. (I am using glibc 2.24 and gcc 6.3.0 20170406
from an Ubuntu 17.04 x64 (desktop) live CD.)
I have attached sample code that exhibits this problem. The output I
expect is:
ret: -1 buf: 68 0
but instead I get:
ret: -1 buf: 68 cacacaca
(I do get the expected behavior with libc on FreeBSD and macOS.)
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "Sample code"
https://bugs.launchpad.net/bugs/1712253/+attachment/4936774/+files/test_swprintf.c
--
https://bugs.launchpad.net/bugs/1712253
Title:
swprintf does not guarantee NUL termination
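
A caller-side wrapper that guarantees termination whatever the C library does on truncation, as an added example (not code from the report, its attachment, or glibc). The name swprintf_terminated, the 2-element buffer poisoned with 0xca, and the L"hello" input are assumptions chosen to mirror the output shown in the report.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not a libc function): behaves like swprintf, but the
 * destination is NUL-terminated on every return path when n > 0.
 * Returns the number of wide characters written (excluding the terminator),
 * or -1 on truncation or any other formatting error. */
static int swprintf_terminated(wchar_t *buf, size_t n, const wchar_t *fmt, ...)
{
    va_list ap;
    int ret;

    if (buf == NULL || n == 0)
        return -1;                 /* nowhere to put a terminator */

    /* Zero first, so whatever prefix the library stores is followed by
     * L'\0' even if it returns early without writing one. */
    wmemset(buf, L'\0', n);

    va_start(ap, fmt);
    ret = vswprintf(buf, n, fmt, ap);
    va_end(ap);

    if (ret < 0 || (size_t)ret >= n) {
        buf[n - 1] = L'\0';        /* covers a library that filled all n slots */
        return -1;
    }
    return ret;
}

/* Constructed check modelled on the report: a 2-element buffer poisoned with
 * 0xca bytes, then formatted with a string that cannot fit. */
static int demo_truncation(wchar_t out[2])
{
    memset(out, 0xca, 2 * sizeof(wchar_t));
    return swprintf_terminated(out, 2, L"%ls", L"hello");
}

int main(void)
{
    wchar_t buf[2];
    int ret = demo_truncation(buf);
    wprintf(L"ret: %d buf: %x %x\n", ret, (unsigned)buf[0], (unsigned)buf[1]);
    return 0;
}
```

Code that later passes the buffer to wcslen, wcscpy or similar then never reads past the array, independent of the libc in use.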