Activity log for bug #305901

Date Who What changed Old value New value Message
2008-12-07 04:00:09 Anders Kaseorg bug added bug
2008-12-07 10:35:05 Anders Kaseorg gcc-4.3: status New Invalid
2008-12-07 10:35:05 Anders Kaseorg gcc-4.3: statusexplanation
C99 (at least the draft that’s available online) actually defines this code as invalid.

    #include <stdio.h>
    int sprintf(char * restrict s, const char * restrict format, ...);

“The sprintf function is equivalent to fprintf, except that the output is written into an array (specified by the argument s) rather than to a stream. A null character is written at the end of the characters written; it is not counted as part of the returned value. If copying takes place between objects that overlap, the behavior is undefined.”

So I guess the real answer is to fix the affected source. It might be nice to know if any software in Ubuntu is affected.
2008-12-07 10:42:41 Anders Kaseorg bug assigned to owl (Ubuntu)
2008-12-07 10:42:52 Anders Kaseorg bug assigned to barnowl (Ubuntu)
2008-12-07 10:44:42 Anders Kaseorg bug assigned to nagios-plugins (Ubuntu)
2008-12-07 10:45:13 Anders Kaseorg bug assigned to xmcd (Ubuntu)
2008-12-07 10:46:46 Anders Kaseorg bug assigned to mpeg4ip (Ubuntu)
2008-12-07 11:33:07 Anders Kaseorg bug assigned to 4g8 (Ubuntu)
2008-12-07 11:37:11 Anders Kaseorg description
Old value: identical to the new value below, except that the search command read:

    perl -ne 'print if m/sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,/'

New value:
Binary package hint: gcc-4.3

In Hardy and previous releases, one could use statements such as

    sprintf(buf, "%s %s%d", buf, foo, bar);

to append formatted text to a buffer buf. Intrepid’s gcc-4.3, which has fortify source turned on by default when compiling with -O2, breaks this pattern. This introduced mysterious bugs into an application I was compiling (the BarnOwl IM client).

Test case: gcc -O2 sprintf-test.c -o sprintf-test <http://web.mit.edu/andersk/Public/sprintf-test.c>:

    #include <stdio.h>
    char buf[80] = "not ";
    int main() {
        sprintf(buf, "%sfail", buf);
        puts(buf);
        return 0;
    }

This outputs "not fail" in Hardy, and "fail" in Intrepid. The assembly output shows that the bug has been introduced by replacing the sprintf(buf, "%sfail", buf) call with __sprintf_chk(buf, 1, 80, "%sfail", buf). A workaround is to disable fortify source (gcc -U_FORTIFY_SOURCE).

One might argue that this usage of sprintf() is questionable. I had been under the impression that it is valid, and found many web pages that agree with me, though I was not able to find an authoritative statement either way citing the C specification.

I decided to investigate how common this pattern is in real source code. You can search a source file for instances of it with this regex:

    pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'

To determine how common the pattern is, I wrote a script to track down instances using Google Code Search, and found 2888 matches: <http://web.mit.edu/andersk/Public/sprintf-results>

(For the curious: the script uses a variant of the regex above. I had to use a binary search to emulate backreferences, which aren’t supported by Code Search, so the script makes 46188 queries and takes a rather long time to run. The source is available at <http://web.mit.edu/andersk/Public/sprintf-codesearch.py>.)

My conclusion is that, whether or not this pattern is technically allowed by the C specification, it is common enough that the compiler should be fixed, if that is at all possible.
2008-12-07 11:38:33 Anders Kaseorg bug assigned to abiword (Ubuntu)
2008-12-07 11:47:36 Anders Kaseorg bug assigned to ctn (Ubuntu)
2008-12-07 11:48:56 Anders Kaseorg bug assigned to hypermail (Ubuntu)
2008-12-07 11:50:13 Anders Kaseorg bug assigned to asterisk (Ubuntu)
2008-12-07 11:51:11 Anders Kaseorg bug assigned to atomicparsley (Ubuntu)
2008-12-07 11:52:13 Anders Kaseorg bug assigned to audacious-plugins (Ubuntu)
2008-12-07 11:57:53 Anders Kaseorg bug assigned to billard-gl (Ubuntu)
2008-12-07 11:58:42 Anders Kaseorg bug assigned to binutils (Ubuntu)
2008-12-07 11:59:31 Anders Kaseorg bug assigned to blender (Ubuntu)
2008-12-07 17:21:34 Kees Cook bug assigned to glibc (Ubuntu)
2008-12-07 17:43:56 Kees Cook bug assigned to glibc
2008-12-07 17:44:25 Kees Cook glibc: status New Confirmed
2008-12-07 17:44:25 Kees Cook glibc: importance Undecided High
2008-12-07 17:44:25 Kees Cook glibc: statusexplanation
2008-12-07 17:52:40 Bug Watch Updater glibc: status Unknown Invalid
2008-12-07 19:25:21 Kees Cook bug added attachment 'main.log' (report of search in main)
2008-12-07 19:25:51 Kees Cook bug added attachment 'universe.log' (report of search in universe)
2008-12-07 19:26:18 Kees Cook bug added attachment 'multiverse.log' (report of search in multiverse)
2008-12-07 21:42:55 Kees Cook bug added attachment 'main.log' (main.log)
2008-12-07 21:43:32 Kees Cook bug added attachment 'universe.log' (universe.log)
2008-12-07 21:43:58 Kees Cook bug added attachment 'multiverse.log' (multiverse.log)
2008-12-23 06:14:32 Anders Kaseorg bug added attachment 'instructions' (instructions file for proposed massfile)
2008-12-23 06:20:58 Anders Kaseorg bug added attachment 'instructions' (instructions file for proposed massfile, v2)
2008-12-24 06:13:56 Kees Cook bug added attachment 'no-sprintf-pre-truncate.diff' (no-sprintf-pre-truncate.diff)
2008-12-24 19:00:12 Kees Cook 4g8: status New Invalid
2008-12-24 19:00:18 Kees Cook abiword: status New Invalid
2008-12-24 19:00:22 Kees Cook asterisk: status New Invalid
2008-12-24 19:00:27 Kees Cook atomicparsley: status New Invalid
2008-12-24 19:00:30 Kees Cook audacious-plugins: status New Invalid
2008-12-24 19:00:36 Kees Cook barnowl: status New Invalid
2008-12-24 19:00:40 Kees Cook billard-gl: status New Invalid
2008-12-24 19:00:46 Kees Cook binutils: status New Invalid
2008-12-24 19:00:50 Kees Cook blender: status New Invalid
2008-12-24 19:00:55 Kees Cook ctn: status New Invalid
2008-12-24 19:00:59 Kees Cook gcc-4.3: status New Invalid
2008-12-24 19:01:04 Kees Cook glibc: status New Invalid
2008-12-24 19:01:09 Kees Cook hypermail: status New Invalid
2008-12-24 19:01:14 Kees Cook mpeg4ip: status New Invalid
2008-12-24 19:01:19 Kees Cook nagios-plugins: status New Invalid
2008-12-24 19:01:24 Kees Cook owl: status New Invalid
2008-12-24 19:01:33 Kees Cook xmcd: status New Invalid
2008-12-24 19:01:39 Kees Cook 4g8: status New Invalid
2008-12-24 19:01:43 Kees Cook abiword: status New Invalid
2008-12-24 19:01:49 Kees Cook asterisk: status New Invalid
2008-12-24 19:01:57 Kees Cook atomicparsley: status New Invalid
2008-12-24 19:02:02 Kees Cook audacious-plugins: status New Invalid
2008-12-24 19:02:08 Kees Cook barnowl: status New Invalid
2008-12-24 19:02:14 Kees Cook billard-gl: status New Invalid
2008-12-24 19:02:19 Kees Cook binutils: status New Invalid
2008-12-24 19:02:26 Kees Cook blender: status New Invalid
2008-12-24 19:02:34 Kees Cook ctn: status New Invalid
2008-12-24 19:02:39 Kees Cook glibc: status Confirmed Invalid
2008-12-24 19:02:44 Kees Cook hypermail: status New Invalid
2008-12-24 19:02:48 Kees Cook mpeg4ip: status New Invalid
2008-12-24 19:02:52 Kees Cook nagios-plugins: status New Invalid
2008-12-24 19:03:01 Kees Cook owl: status New Invalid
2008-12-24 19:03:06 Kees Cook xmcd: status New Invalid
2008-12-24 19:03:27 Kees Cook glibc: status Invalid Confirmed
2008-12-24 19:03:27 Kees Cook glibc: assignee kees
2008-12-24 19:03:27 Kees Cook glibc: importance Undecided High
2008-12-24 19:03:27 Kees Cook glibc: statusexplanation Marking the source packages as Invalid, since they will be handled upstream. The glibc patch restores the original behavior, so it will get SRU'd into Intrepid and fixed in Jaunty.
2008-12-24 19:03:58 Kees Cook glibc: status Invalid Fix Committed
2008-12-24 19:03:58 Kees Cook glibc: assignee kees
2008-12-24 19:03:58 Kees Cook glibc: statusexplanation
2009-01-05 22:40:12 Launchpad Janitor glibc: status Fix Committed Fix Released
2009-01-08 22:27:55 Kees Cook glibc: status Confirmed In Progress
2009-01-08 22:27:55 Kees Cook glibc: statusexplanation Marking the source packages as Invalid, since they will be handled upstream. The glibc patch restores the original behavior, so it will get SRU'd into Intrepid and fixed in Jaunty.
2009-01-08 22:29:20 Kees Cook bug added attachment 'glibc_2.8~20080505-0ubuntu8.debdiff' (glibc_2.8~20080505-0ubuntu8.debdiff)
2009-01-08 22:31:11 Kees Cook bug added subscriber Ubuntu Stable Release Updates Team
2009-01-09 12:49:01 Martin Pitt glibc: status In Progress Fix Committed
2009-01-09 12:49:39 Martin Pitt bug added subscriber SRU Verification
2009-01-29 08:00:54 Launchpad Janitor glibc: status Fix Committed Fix Released
2010-02-22 22:19:25 Launchpad Janitor branch linked lp:ubuntu/intrepid-updates/glibc
2010-02-22 22:22:12 Launchpad Janitor branch linked lp:ubuntu/jaunty/glibc
2011-05-26 09:04:47 Bug Watch Updater glibc: importance Unknown Medium
2019-02-23 03:55:43 Bug Watch Updater glibc: status Invalid Confirmed
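The self-referential sprintf(buf, "%s...", buf) pattern discussed in this bug is undefined behaviour under C99 because the destination and a source argument overlap, and the fortified __sprintf_chk path can truncate the buffer before reading it. The following is an added example, not code from the bug report, from BarnOwl or from glibc: it shows a bounded append that reads the existing contents first and writes with vsnprintf into the remaining space, so the source and destination never overlap. The function names append_fmt and not_fail_example, and their return contract, are assumptions made for this illustration.

```c
/* Added example (not from the bug report or glibc): a bounded append that
 * replaces the overlapping sprintf(buf, "%s...", buf) idiom.
 *
 * The idiom from the report, kept here as a comment because it is undefined
 * behaviour and, with _FORTIFY_SOURCE, observably printed "fail":
 *     char buf[80] = "not ";
 *     sprintf(buf, "%sfail", buf);
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Appends formatted text to the NUL-terminated string already in buf
 * (total capacity size). Returns the number of characters appended, or -1
 * if buf is not NUL-terminated within size or the result would not fit.
 * On -1 the original contents are preserved and buf stays NUL-terminated.
 * The name and contract are assumptions for this example. */
int append_fmt(char *buf, size_t size, const char *fmt, ...)
{
    size_t used = strnlen(buf, size);
    if (used >= size)
        return -1;              /* no terminator inside the buffer */

    va_list ap;
    va_start(ap, fmt);
    /* Destination starts at buf + used; the format arguments never alias it. */
    int n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';       /* roll back the truncated partial write */
        return -1;
    }
    return n;
}

/* Reproduces the report's test case with the safe append: the result is
 * "not fail" regardless of fortification. The "not " prefix is constructed
 * input mirroring char buf[80] = "not "; in the report. */
const char *not_fail_example(char *buf, size_t size)
{
    snprintf(buf, size, "%s", "not ");
    append_fmt(buf, size, "fail");
    return buf;
}

int main(void)
{
    char buf[80];
    puts(not_fail_example(buf, sizeof buf));        /* not fail */
    append_fmt(buf, sizeof buf, " %s%d", "foo", 42);
    puts(buf);                                      /* not fail foo42 */
    char small[8] = "not ";
    if (append_fmt(small, sizeof small, "fail") < 0)
        puts("append refused: would not fit");     /* small stays "not " */
    return 0;
}
```

Compile with gcc -O2 -D_FORTIFY_SOURCE=2 to confirm the append still yields "not fail": because vsnprintf receives a destination that does not overlap any argument, the fortified check has nothing to truncate. The -1 path is what sprintf never gave the original code: an explicit signal that the buffer was too small, instead of a silent overflow.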