Jarno Rajahalme wrote:
> - I also had the program crash on malloc error when I accidentally had the
> fprintf format string containing "%S" (apparently expecting wide character
> input, while not getting it) instead of "%s".  

I can reproduce it, with your test program (modified to use %S instead of %s).

There were two bugs in this area:
  1) an abort() in a valid use case,
  2) an endless loop that allocates more and more memory, without bounds.


This fixes the first bug:

2010-04-10  Bruno Haible  <br...@clisp.org>

        vasnprintf: Fix crash in %ls directive.
        * lib/vasnprintf.c (VASNPRINTF): Don't abort when an unconvertible wide
        string is passed as argument to %ls, with no precision and no width.
        Reported by Jarno Rajahalme <jarno.rajaha...@nsn.com>.

--- lib/vasnprintf.c.orig       Sat Apr 10 22:16:45 2010
+++ lib/vasnprintf.c    Sat Apr 10 22:11:26 2010
@@ -2605,8 +2605,16 @@
                           count = wctomb (cbuf, *arg);
 #   endif
                           if (count <= 0)
-                            /* Inconsistency.  */
-                            abort ();
+                            {
+                              /* Cannot convert.  */
+                              if (!(result == resultbuf || result == NULL))
+                                free (result);
+                              if (buf_malloced != NULL)
+                                free (buf_malloced);
+                              CLEANUP ();
+                              errno = EILSEQ;
+                              return NULL;
+                            }
                           ENSURE_ALLOCATION (xsum (length, count));
                           memcpy (result + length, cbuf, count);
                           length += count;
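Review bot: no regression test accompanies the new branch under `if (count <= 0)`; the patch touches only lib/vasnprintf.c, so nothing pins down that %ls with an unconvertible wide string, no width and no precision now yields NULL with errno set to EILSEQ instead of aborting. A test for exactly that case would keep the abort() from coming back. Two smaller points in the same branch: the comment "Cannot convert." could say what the caller observes (NULL return, EILSEQ), and the `buf_malloced != NULL` guard is redundant because free (NULL) is a no-op, though harmless. Assigning errno after the free () calls and CLEANUP () is the right order, since nothing runs afterwards that could overwrite it.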


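The failure mode the fix reports, shown as a stand-alone added example (not gnulib code and not part of the original message): a wide-to-multibyte conversion that returns NULL with EILSEQ on an unconvertible character instead of aborting. The helper names are hypothetical, and the sample input assumes the process runs in the default "C" locale, where U+20AC has no multibyte representation.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not gnulib code): convert a wide string to a freshly
   allocated multibyte string in the current locale.  On an unconvertible
   character, free what was built and return NULL with errno = EILSEQ.  */
char *
wcs_to_mbs_checked (const wchar_t *ws)
{
  size_t len = 0;
  mbstate_t st;
  char *out = malloc (wcslen (ws) * MB_LEN_MAX + 1);

  if (out == NULL)
    {
      errno = ENOMEM;
      return NULL;
    }
  memset (&st, 0, sizeof st);
  for (; *ws != L'\0'; ws++)
    {
      char cbuf[MB_LEN_MAX];
      size_t count = wcrtomb (cbuf, *ws, &st);
      if (count == (size_t) -1)
        {
          free (out);         /* clean up first ...  */
          errno = EILSEQ;     /* ... then set errno, so nothing overwrites it */
          return NULL;
        }
      memcpy (out + len, cbuf, count);
      len += count;
    }
  out[len] = '\0';
  return out;
}

/* Constructed input: 'a', U+20AC, 'b'.  Returns 1 if the conversion fails
   cleanly with EILSEQ (assumes the "C" locale), 0 otherwise.  */
int
unconvertible_is_reported (void)
{
  static const wchar_t bad[] = { L'a', (wchar_t) 0x20AC, L'b', L'\0' };
  char *s;

  errno = 0;
  s = wcs_to_mbs_checked (bad);
  free (s);                   /* free (NULL) is a no-op */
  return s == NULL && errno == EILSEQ;
}
```

A caller can tell this case apart from memory exhaustion by checking errno for EILSEQ versus ENOMEM after a NULL return.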