newlib-nano printf("%.*s",moo) walks off the end of string
Bug #1385829 reported by Clem Taylor
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GNU Arm Embedded Toolchain | Fix Released | Undecided | Terry Guo |
Bug Description
I have always used:
char moo[16];
printf(
To print potentially non-terminated strings.
With the assumption that printf() will *not* attempt to read moo[16].
However, it seems that the newlib-nano implementation calls strlen() instead of something like strnlen() and happily walks off the end of memory.
In the case that caught the bug, the string was near the end of flash and the rest of the data was 0xFF, so it walked off the end of flash until it took a hard fault. I doubt I would have caught it otherwise.
I'm using gcc-arm-
Changed in gcc-arm-embedded: status: In Progress → Fix Committed
Changed in gcc-arm-embedded: status: Fix Committed → Fix Released
Thank you for the report. But I cannot reproduce it with the following case:
#include <stdio.h>
int main ()
{
    char moo[16] = {'c','c','c','c',
                    'c' ,'c','c' ,'c',
                    'c' ,'c','c' ,'c',
                    'c' ,'c','c' ,'c'};
    printf("%.*s\n", 10, moo);
    printf("%.*s\n", 16, moo);
    return 0;
}
arm-none-eabi-gcc -mcpu=cortex-m0 -mthumb -O2 printf.c --specs=nano.specs -specs=rdimon.specs
./a.out
cccccccccc
cccccccccccccccc
The output is correct.
Can you show us more detail about your case?
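
An added illustration, not code from the report or from newlib: a model of the two ways a `%.*s` formatter can measure its argument, run over constructed memory images. It shows that a strlen-then-clamp scan prints the same 16 bytes as a bounded scan while reading past the array, which is consistent with both the correct output in the comment and the flash fault in the description. The `scan_*` helpers, `flash_img`, `stack_img` and the bytes placed after the array are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>

/* print_len: bytes output; examined: bytes read; hit_end: ran out of memory */
struct scan { size_t print_len, examined; int hit_end; };

/* Models the behaviour the report describes: strlen-style scan, then clamp.
 * `mapped` = readable bytes at s, so the model reports the overrun safely. */
static struct scan scan_strlen_then_clamp(const unsigned char *s,
                                          size_t mapped, size_t prec)
{
    size_t n = 0;
    while (n < mapped && s[n] != 0) n++;
    struct scan r = { n < prec ? n : prec, n < mapped ? n + 1 : mapped, n == mapped };
    return r;
}

/* Bounded scan, as strnlen or memchr provide: never reads past prec bytes. */
static struct scan scan_bounded(const unsigned char *s, size_t prec)
{
    const unsigned char *nul = memchr(s, 0, prec);
    size_t n = nul ? (size_t)(nul - s) : prec;
    struct scan r = { n, nul ? n + 1 : prec, 0 };
    return r;
}

/* Constructed images: an unterminated 16-byte moo[] at offset 0 of each. */
static unsigned char flash_img[32], stack_img[32];
static void build_images(void)
{
    memset(flash_img, 0xFF, sizeof flash_img);  /* erased flash after moo  */
    memset(flash_img, 'c', 16);
    memset(stack_img, 'c', 16);
    memset(stack_img + 16, 0xAA, 3);            /* junk, then zero at [19] */
}

static void show(const char *tag, struct scan r)
{
    printf("%-15s print=%zu read=%zu hit_end=%d\n", tag, r.print_len, r.examined, r.hit_end);
}

int main(void)
{
    build_images();
    show("flash, strlen:", scan_strlen_then_clamp(flash_img, sizeof flash_img, 16));
    show("stack, strlen:", scan_strlen_then_clamp(stack_img, sizeof stack_img, 16));
    show("flash, bounded:", scan_bounded(flash_img, 16));
    return 0;
}
```

Comparing `read` with the 16-byte array size, rather than comparing printed output, is what separates the two scans; a reproducer whose array is followed by a zero byte cannot show the difference on output alone.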