Ubuntu
glibc package

swprintf does not guarantee NUL termination

Bug #1712253 reported by James Lin on 2017-08-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	glibc (Ubuntu)	New	Undecided	Unassigned

Bug Description

The C99 specification states for swprintf (section 7.24.2.3):

> The swprintf function is equivalent to fwprintf, except that the argument s specifies an array of wide characters into which the generated output is to be written, rather than written to a stream. No more than n wide characters are written, including a terminating null wide character, which is always added (unless n is zero).

My interpretation that "always" includes failure, including truncation error. However, it appears that swprintf from glibc does NOT NUL-terminate on truncation. (I am using glibc 2.24 and gcc 6.3.0 20170406 from an Ubuntu 17.04 x64 (desktop) live CD.)

I have attached sample code that exhibits this problem. The output I expect is:

ret: -1 buf: 68 0

but instead I get:

ret: -1 buf: 68 cacacaca

(I do get the expected behavior with libc on FreeBSD and macOS.)

Revision history for this message

James Lin (jamesdlin) wrote on 2017-08-22:

Sample code Edit (287 bytes, text/x-csrc)

Revision history for this message

James Lin (jamesdlin) wrote on 2019-01-23:

This still occurs with glibc 2.27-3ubuntu1 from Ubuntu 18.04.1 LTS x64.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Sample code Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuglibc package