Opened 13 years ago

Closed 13 years ago

#33 closed defect (invalid)

fix ngx_vslprintf(): invalid processing of a terminating %

Reported by: Kuts Alexey (Куц Алексей)
Owned by: somebody
Priority: trivial
Milestone:
Component: nginx-core
Version: 1.0.x
Keywords:
Cc:
uname -a:
nginx -V:


In ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args),
when fmt is terminated by '%',
there will be an invalid write of a zero byte to buf and unknown behaviour afterwards.

The correct behaviour is to write the terminating '%' to buf
(for example, this approach is applied in the Linux kernel's lib/vsprintf.c).

Attachments (1)

ngx_string_1.c (415 bytes) - added by Kuts Alexey (Куц Алексей) 13 years ago.

Change History (2)

by Kuts Alexey (Куц Алексей), 13 years ago

Attachment: ngx_string_1.c added

comment:1 by Maxim Dounin, 13 years ago

Resolution: invalid
Status: new → closed

This is at most a feature, not a bug. Garbage in, garbage out. Even for standard printf() the behaviour is undefined if the format string isn't correct.

While it will be fine to handle such incorrect format strings, I don't like the particular approach of printing "%" in this case. It should just skip "%" consistently with processing of other incorrect format strings.

P.S. You may want to use the nginx-devel@ mailing list instead of the bug tracker to submit patches.
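The two ways of handling a trailing '%' discussed in this ticket, as an added example that is neither nginx code nor the ticket's attachment. `mini_vslprintf`, `mini_slprintf` and the `trailing_pct` policy are hypothetical names; the formatter supports only `%s` and `%%`, and dropping unknown conversions is an assumption of the example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* What to do when the format string ends in a lone '%'. */
enum trailing_pct { PCT_EMIT, PCT_SKIP };

/* Hypothetical bounded formatter (%s and %% only); returns bytes written. */
static size_t mini_vslprintf(char *buf, char *last, enum trailing_pct policy,
                             const char *fmt, va_list args)
{
    char *p = buf;
    while (*fmt != '\0' && p < last) {
        if (*fmt != '%') { *p++ = *fmt++; continue; }   /* ordinary byte */
        fmt++;                                          /* step over '%' */
        switch (*fmt) {
        case '\0':              /* lone trailing '%': stop at the terminator */
            if (policy == PCT_EMIT) *p++ = '%';
            return (size_t)(p - buf);   /* never copy or step past the NUL */
        case '%':
            *p++ = '%';
            break;
        case 's': {
            const char *s = va_arg(args, const char *);
            while (*s != '\0' && p < last) *p++ = *s++;
            break;
        }
        default:                /* unknown conversion: dropped (assumption) */
            break;
        }
        fmt++;                  /* consume the conversion character */
    }
    return (size_t)(p - buf);
}

size_t mini_slprintf(char *buf, size_t size, enum trailing_pct policy,
                     const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    size_t n = mini_vslprintf(buf, buf + size, policy, fmt, args);
    va_end(args);
    return n;
}

int main(void)
{
    char out[16];   /* constructed sample input below */
    size_t n = mini_slprintf(out, sizeof out, PCT_EMIT, "load 100%");
    printf("emit: %.*s\n", (int)n, out);
    n = mini_slprintf(out, sizeof out, PCT_SKIP, "load 100%");
    printf("skip: %.*s\n", (int)n, out);
    return 0;
}
```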
