Bug#553206: libc6: Similar fail for %llu on 0x200000-long string of '9's

To: Debian Bug Tracking System <553206@bugs.debian.org>
Subject: Bug#553206: libc6: Similar fail for %llu on 0x200000-long string of '9's
From: Edward Welbourne <eddy@opera.com>
Date: Tue, 09 Mar 2010 16:39:06 +0100
Message-id: <20100309153906.19947.42081.reportbug@whorl>
Reply-to: eddy@opera.com, 553206@bugs.debian.org

Package: libc6
Version: 2.10.2-6
Severity: normal

Here's a stack-trace: <quote src="gdb">

(gdb) run
Starting program: /disk/home/eddy/work/mine/toys/sscanferange 

Program received signal SIGSEGV, Segmentation fault.
0xb7ee1d2d in _IO_vfscanf_internal (s=0xbfdff2dc, format=0x8048540 "%llu", argptr=0xbfdff3a8 "žóÿ¿", errp=0x0) at vfscanf.c:1760
1760	vfscanf.c: No such file or directory.
	in vfscanf.c
(gdb) bt
#0  0xb7ee1d2d in _IO_vfscanf_internal (s=0xbfdff2dc, format=0x8048540 "%llu", argptr=0xbfdff3a8 "žóÿ¿", errp=0x0) at vfscanf.c:1760
#1  0xb7ee79c5 in *__GI___isoc99_vsscanf (string=0xbfdff3b7 '9' <repeats 200 times>..., format=0x8048540 "%llu", args=0xbfdff3a8 "žóÿ¿") at isoc99_vsscanf.c:44
#2  0xb7ee791f in __isoc99_sscanf (s=0xbfdff3b7 '9' <repeats 200 times>..., format=0x8048540 "%llu") at isoc99_sscanf.c:33
#3  0x08048474 in main () at sscanferange.c:11

</quote> produced by this source <file name="sscanferange.c">

#include <stdio.h>
#include <string.h>
#include <errno.h>

#define SIZE 0x200000 // crashes; 0x1fffff is ok
int main()
{
	unsigned long long val;
	char buf[SIZE + 1];
	memset(buf, '9', SIZE);
	buf[SIZE] = '\0';
	errno = 0;
	return 1 != sscanf(buf, "%llu", &val) || errno != ERANGE;
}

</file>
There appears to be a two megabyte limit on endurable length of
the string of digits.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libc-bin                      2.10.2-6   Embedded GNU C Library: Binaries
ii  libgcc1                       1:4.4.2-9  GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686                    2.10.2-6   GNU C Library: Shared libraries [i

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  glibc-doc                     2.10.2-6   Embedded GNU C Library: Documentat
ii  locales                       2.10.2-6   Embedded GNU C Library: National L

-- debconf information:
* glibc/upgrade: true
* glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: rsync openbsd-inetd nis exim4 cups cron atd xdm

Reply to:

Follow-Ups:
- Bug#553206: libc6: Similar fail for %llu on 0x200000-long string of '9's
  - From: Edward Welbourne <eddy@opera.com>

Prev by Date: Bug#561249: Spurious warning with -Wconversion (uint16_t/htons) in -O2 mode
Next by Date: r4223 - glibc-package/trunk/debian/patches/hurd-i386
Previous by thread: Processed: Re: Bug#561249: Spurious warning with -Wconversion (uint16_t/htons) in -O2 mode
Next by thread: Bug#553206: libc6: Similar fail for %llu on 0x200000-long string of '9's
Index(es):
- Date
- Thread