[Bug libstdc++/59974] New: ostream crashes on large numbers under Windows

steve at sk2 dot org gcc-bugzilla@gcc.gnu.org
Tue Jan 28 23:28:00 GMT 2014


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59974

            Bug ID: 59974
           Summary: ostream crashes on large numbers under Windows
           Product: gcc
           Version: 4.6.3
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: steve at sk2 dot org

Created attachment 31972
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31972&action=edit
Test case

This is forwarded from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736946
and courtesy of Jeff Epler.

The attached program crashes when built with x86_64-w64-mingw32-g++ or
i686-w64-mingw32-g++.

The underlying cause is an assumption that snprintf never returns -1.  In fact,
on Windows, the platform snprintf returns -1 when the buffer is not big
enough, which leads to (A) calling alloca(-1) and (B) calling std::widen
with fin < st, either one of which is probably enough to lead to a
crash.

The patch shown below fixes several locations in libstdc++ where a
negative return value from snprintf was not properly handled.

The bug was filed against gcc 4.6.3 but it also applies to 4.8.2 and the
current 4.9 snapshot in Debian (20140122).

Note that mingw-w64 can mask this bug by providing its own vsnprintf
implementation when building libstdc++.

Regards,

Stephen
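
The failure mode described in the report, as an added example that is not the attached test case, the patch, or libstdc++ code: a formatting helper that checks for a negative snprintf-style return before using it as a size. The names `safe_format`, `c99_vsnprintf` and `legacy_vsnprintf` are hypothetical, and `legacy_vsnprintf` is a constructed emulation of the Windows behaviour so that both paths run on any platform.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

using vformat_fn = int (*)(char*, std::size_t, const char*, std::va_list);

// C99 behaviour: returns the length the full output needs.
int c99_vsnprintf(char* b, std::size_t n, const char* f, std::va_list ap) {
    return std::vsnprintf(b, n, f, ap);
}

// Constructed stand-in for the Windows runtime behaviour the report
// describes: -1 instead of the needed length when the buffer is too small.
int legacy_vsnprintf(char* b, std::size_t n, const char* f, std::va_list ap) {
    int len = std::vsnprintf(b, n, f, ap);
    return (len < 0 || static_cast<std::size_t>(len) >= n) ? -1 : len;
}

// Format into a growing buffer. The return value is tested for being
// negative before it is used as a size or as an end-of-output offset.
std::string safe_format(vformat_fn vf, const char* fmt, ...) {
    const std::size_t max_size = 1u << 16;  // cap so a real error cannot loop forever
    std::vector<char> buf(16);
    for (;;) {
        std::va_list ap;
        va_start(ap, fmt);
        int len = vf(buf.data(), buf.size(), fmt, ap);
        va_end(ap);
        if (len >= 0 && static_cast<std::size_t>(len) < buf.size())
            return std::string(buf.data(), static_cast<std::size_t>(len));
        // C99: len is the needed length. Legacy: len is -1, so double instead.
        std::size_t want = len >= 0 ? static_cast<std::size_t>(len) + 1
                                    : buf.size() * 2;
        if (want > max_size)
            return std::string();  // give up: encoding error or oversized output
        buf.assign(want, '\0');
    }
}

int main() {
    std::string a = safe_format(c99_vsnprintf, "%.0f", 1e300);
    std::string b = safe_format(legacy_vsnprintf, "%.0f", 1e300);
    std::printf("%zu %zu %s\n", a.size(), b.size(), a == b ? "same" : "differ");
    return 0;
}
```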