Opened 14 years ago
Closed 14 years ago
#33 closed defect (invalid)
fix ngx_vslprintf(): invalid processing terminated %
| Reported by: | Kuts Alexey (Куц Алексей) | Owned by: | somebody |
|---|---|---|---|
| Priority: | trivial | Milestone: | |
| Component: | nginx-core | Version: | 1.0.x |
| Keywords: | Cc: | ||
| uname -a: | |||
| nginx -V: | |||
Description
ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
when fmt is terminated by '%',
there will be invalid write of zero byte to buf and unknown behaviour afterwards.
Correct behaviour is to write terminated '%' to buf
(for example, this approach is applied in linux kernel lib/vsprintf.c).
Attachments (1)
Change History (2)
by , 14 years ago
| Attachment: | ngx_string_1.c added |
|---|
comment:1 by , 14 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This is at most feature, not a bug. Garbage in, garbage out. Even for standard printf() behaviour is undefined if format string isn't correct.
While it will be fine to handle such incorrect format strings, I don't like the particular approach of printing "%" in this case. It should just skip "%" consistently with processing of other incorrect format strings.
p.s. You may want to use nginx-devel@ mailing list instead of bug tracker to submit patches.