When the following code is executed on a target:
>>>>>>>>>>>>>>>>>>>>>>
#include <stdarg.h>
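/*
 * bug_vsprintf - minimal "%s"-only formatter, the reduced test case of this
 * report.
 *
 * Copies `format` into `pString` and NUL-terminates the result. Each "%s"
 * is expanded with the next `char *` fetched from `ap`:
 *   - an argument of at most 5 characters is copied as-is;
 *   - a longer argument is replaced by the text "(invalid %s ptr)";
 *   - a null argument is first mapped to "(null)", which is itself six
 *     characters long and is therefore also replaced by that text.
 * Any other character following '%' is consumed together with the '%' and
 * produces no output; no argument is fetched for it.
 *
 * Caveats for anyone reusing this outside the test case (the statements are
 * deliberately left as reported, only the mail-wrapped lines were rejoined):
 *   - `pString` carries no size, so the caller must guarantee room for the
 *     whole expansion (up to 16 bytes per "%s") plus the terminator;
 *   - a format ending in a lone '%' makes `*format++` step over the
 *     terminator, after which the loop keeps reading past the end of
 *     `format`.
 */
void bug_vsprintf( char *pString, const char *format, va_list ap)
{
    char c;
    char *str = 0;
    int str_cnt = 0;

    while((c = *format++) != '\0')
    {
        if (c == '%')
        {
            if (*format++ == 's')
            {
                str = va_arg(ap, char *);
                if (str == 0) str = "(null)";
                /* Measure the argument, giving up once it exceeds 5 chars. */
                for (str_cnt = 0; str[str_cnt] != '\0' && str_cnt <= 5; str_cnt++)
                    continue;
                if (str_cnt > 5) {
                    /*
                     * The `static` storage class here is what the report is
                     * about: with it the reporter sees garbage in the output,
                     * without it the expected text.
                     */
                    static char errmsg[32] = "(invalid %s ptr)";
                    //char errmsg[32] = "(invalid %s ptr)"; // no bug
                    /*
                     * NOTE: the automatic variant above would leave `str`
                     * pointing at an array whose lifetime ends at the closing
                     * brace of this block, before the copy loop below reads
                     * it; the static form is the one with defined behaviour.
                     */
                    str = errmsg;
                    str_cnt = sizeof("(invalid %s ptr)") - 1;
                }
            }
            /* str_cnt is 0 here unless a "%s" was just processed. */
            while(str_cnt)
            {
                *pString++ = (*str++);
                str_cnt--;
            }
        }
        else
            *pString++ = c;
    }
    *pString = '\0';
}

/*
 * bug_sprintf - variadic front end for bug_vsprintf.
 *
 * Collects the arguments after `format` into a va_list, hands them to
 * bug_vsprintf and releases the list again. The same caveats about the
 * unsized `pString` apply.
 */
void bug_sprintf( char *pString, const char *format, ...)
{
    va_list argptr;

    va_start( argptr, format );
    bug_vsprintf( pString, format, argptr );
    va_end( argptr );
}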
/*
 * triggerbug - driver for the test case.
 *
 * Formats a 9-character string through bug_sprintf into a 50-byte stack
 * buffer, then prints the buffer as text followed by its first three bytes
 * in hex. printf needs <stdio.h>, which the listing itself does not include.
 */
void triggerbug(void)
{
char buffer[50];
/* "123456789" exceeds the 5-character limit in bug_vsprintf, so the
 * replacement text (16 bytes plus terminator) is what should land here. */
bug_sprintf(buffer, "%s", "123456789");
/* NOTE(review): buffer[n] is a plain char promoted to int but printed with
 * %X; on a target where plain char is signed, a byte >= 0x80 would
 * presumably print sign-extended - confirm for the target in use. */
printf ("buggy buffer: %s i.e. 0x%X 0x%X 0x%X ...\r\n", buffer,
buffer[0], buffer[1], buffer[2]);
}
<<<<<<<<<<<<<
(add #include <stdio.h> at the top first, for printf)
Compilation switch:
powerpc-eabi-gcc -Wall -W -O2 -fno-strict-aliasing -ffunction-sections
-std=gnu99 -Xassembler -mregnames bug.c
I get the line:
buggy buffer: À i.e. 0xC0 0x0 0x57 ...
If I remove the static (in "static char errmsg"), I get what I want:
buggy buffer: (invalid %s ptr) i.e. 0x28 0x69 0x6E ...
--
Summary: static string in vararg function
Product: gcc
Version: 4.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: etienne_lorrain at yahoo dot fr
GCC host triplet: cygwin-ia32
GCC target triplet: powerpc-eabi
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29613