I think I found the problem. At least the following patch taken from FreeBSD fixes the issue for me:
Index: lib/libc/stdio/vsnprintf.c =================================================================== RCS file: /home/dcvs/src/lib/libc/stdio/vsnprintf.c,v retrieving revision 1.8 diff -r1.8 vsnprintf.c 53c53 < char dummy; --- > char dummy[2]; 63c63,65 < str = &dummy; --- > if (on > 0) > *str = '\0'; > str = dummy; The FreeBSD commit message is: revision 1.22 date: 2003-07-02 00:08:44 -0700; author: jkh; state: Exp; lines: +5 -3; When size is 1 should just null terminate the string. The dummy variable is made an array of two, to explicitly avoid stack corruption due to null-terminating (which is doesn't actually happen due to stack alignment padding). Submitted by: Ed Moy <[EMAIL PROTECTED]> Obtained from: Apple Computer, Inc. Does anyone understand, why more than one byte may be written if n = 1? Cheers, Johannes Simon 'corecode' Schubert <[EMAIL PROTECTED]> wrote: > [-- text/plain, encoding quoted-printable, charset: UTF-8, 29 lines --] > > Simon 'corecode' Schubert wrote: >> Johannes Hofmann wrote: >>> Hello, >>> >>> I see crashes with a string handling library on DragonFly. >>> The problem can be reduced to the test program below. It crashes on >>> DragonFly when compiled with "gcc -O2 -o foo foo.c". Without -O2 it >>> runs fine. No problems on Linux with or without -O2. >>> Can anyone spot the problem? I think its related to the use of >>> va_copy(). >> >> No, the problem is that gcc uses %ebx after a function call, which it is >> not allowed to do: > [snip] >> Or does the ABI dictate that %ebx needs to be restored? Seems that >> linux/glibc doesn't clobber ebx. > > okay, I am wrong here. %ebx is supposed to be saved and is also being > saved by vsnprinf. gcc is good. > > So this is actually a case of stack smashing. Have fun finding the bug > in vsnprintf or in your code :) > >> cheers >> simon > > > > [-- application/pgp-signature, encoding 7bit, 9 lines, name: signature.asc --] > [-- Description: OpenPGP digital signature --] >