http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59974
Bug ID: 59974
Summary: ostream crashes on large numbers under Windows
Product: gcc
Version: 4.6.3
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: steve at sk2 dot org
Created attachment 31972
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31972&action=edit
Test case
This is forwarded from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736946
and courtesy of Jeff Epler.
The attached program crashes when built with x86_64-w64-mingw32-g++ or
i686-w64-mingw32-g++.
The underlying cause is an assumption that snprintf never returns -1. In fact,
on Windows, the platform snprintf returns -1 when the buffer is not big
enough, which leads to (A) calling alloca(-1) and (B) calling std::widen
with fin < st, either one of which is probably enough to lead to a
crash.
The patch shown below fixes several locations in libstdc++ where a
negative return value from snprintf was not properly handled.
The bug was filed against gcc 4.6.3 but it also applies to 4.8.2 and the
current 4.9 snapshot in Debian (20140122).
Note that the mingw-w64 can mask this bug by providing its own vsnprintf
implementation when building libstdc++.
Regards,
Stephen
