Opened 12 years ago
Closed 12 years ago
#33 closed defect (invalid)
fix ngx_vslprintf(): invalid processing terminated %
|Reported by:||Kuts Alexey (Куц Алексей)||Owned by:||somebody|
ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
when fmt is terminated by '%',
there will be invalid write of zero byte to buf and unknown behaviour afterwards.
Correct behaviour is to write terminated '%' to buf
(for example, this approach is applied in linux kernel lib/vsprintf.c).
Change History (2)
by , 12 years ago
comment:1 by , 12 years ago
|Status:||new → closed|
Note: See TracTickets for help on using tickets.
This is at most feature, not a bug. Garbage in, garbage out. Even for standard printf() behaviour is undefined if format string isn't correct.
While it will be fine to handle such incorrect format strings, I don't like the particular approach of printing "%" in this case. It should just skip "%" consistently with processing of other incorrect format strings.
p.s. You may want to use nginx-devel@ mailing list instead of bug tracker to submit patches.