Backport #1232

closed

sprintf Heap Corruption

Added by cfis (Charlie Savage) about 15 years ago. Updated almost 13 years ago.


Description

=begin
Build ruby with -RCT1 using MSVC 2008. Then run this ruby program:

puts sprintf("%0.1fs", Time.now)

It will result in this error:

Debug Error: "HEAP CORRUPTION DETECTED: after normal block (#10921) at 0x02522F58. CRT detected that the application wrote to memory after end of heap buffer."

Investigating:

  • In util.c, ruby_dtoa, line 3365:

    s = s0 = rv_alloc(i);

  • Lower down at line 3449:

    for (i = 1;; i++, dval(d) *= 10.) {

In the specific test case, i is 11. The loop goes from 1 to 11, thereby filling the entire buffer. After the loop a "0" is written to the buffer, but this is at byte 12, thereby overwriting the buffer, causing an assertion failure.

Attached is a patch that fixes the problem by allocating one more byte to the buffer. However, this is complex code, and perhaps there is some other patch (for example, changing the loop to start at 0, not 1).
=end


Files

util.patch (325 Bytes) cfis (Charlie Savage), 03/01/2009 06:56 PM
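
The off-by-one described in the report, reduced to a small model with debug-heap-style guard bytes so the stray write is detected rather than silently corrupting memory. This is an added example, not code from util.c or from the attached patch; `guarded_alloc`, `guard_damage` and `run_case` are hypothetical names, and the byte written after the loop is assumed to be a NUL terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  4     /* guard bytes placed after every block */
#define GUARD_BYTE 0xFD  /* fill value (the MSVC debug heap uses 0xFD too) */

/* Allocate n usable bytes followed by GUARD_LEN guard bytes. */
static char *guarded_alloc(size_t n)
{
    char *p = malloc(n + GUARD_LEN);
    if (p) memset(p + n, GUARD_BYTE, GUARD_LEN);
    return p;
}

/* Count guard bytes that no longer hold the fill value. */
static int guard_damage(const char *p, size_t n)
{
    int i, bad = 0;
    for (i = 0; i < GUARD_LEN; i++)
        if ((unsigned char)p[n + i] != GUARD_BYTE) bad++;
    return bad;
}

/* Simplified model of the reported pattern (assumption, not ruby_dtoa):
 * a loop counting i = 1..ndigits stores one byte per pass, then one more
 * byte is stored after the loop. Returns damaged guard bytes, -1 on error. */
int run_case(size_t alloc_len, size_t ndigits)
{
    char *s0, *s;
    size_t i;
    int bad;
    if (ndigits + 1 > alloc_len + GUARD_LEN) return -1; /* keep writes inside guard */
    if (!(s = s0 = guarded_alloc(alloc_len))) return -1;
    for (i = 1; i <= ndigits; i++)
        *s++ = (char)('0' + i % 10);
    *s = '\0';                      /* lands at offset ndigits */
    bad = guard_damage(s0, alloc_len);
    free(s0);
    return bad;
}

int main(void)
{
    printf("alloc 11, 11 digits: %d guard byte(s) damaged\n", run_case(11, 11));
    printf("alloc 12, 11 digits: %d guard byte(s) damaged\n", run_case(12, 11));
    return 0;
}
```

With the allocation equal to the digit count, the byte written after the loop lands in the first guard byte; allocating one more byte leaves the guard intact.
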
Actions #1

Updated by nobu (Nobuyoshi Nakada) about 15 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

=begin
Applied in changeset r22692.
=end

Actions #2

Updated by shyouhei (Shyouhei Urabe) almost 15 years ago

  • Status changed from Closed to Open
  • Assignee set to shyouhei (Shyouhei Urabe)


Actions #3

Updated by shyouhei (Shyouhei Urabe) almost 15 years ago

  • Assignee changed from shyouhei (Shyouhei Urabe) to wyhaines (Kirk Haines)


Actions #4

Updated by wyhaines (Kirk Haines) over 14 years ago

  • Status changed from Open to Closed

=begin
This is fixed in 24583.
=end
