Backport #1232
closed
sprintf Heap Corruption
Description
=begin
Build ruby with -RCT1 using MSVC 2008. Then run this ruby program:
puts sprintf("%0.1fs", Time.now)
It will result in this error:
Debug Error: "HEAP CORRUPTION DETECTED: after normal block (#10921) at 0x02522F58. CRT detected that the application wrote to memory after end of heap buffer."
Investigating:
- In util.c, ruby_dtoa, line 3365:
  s = s0 = rv_alloc(i);
- Lower down at line 3449:
  for (i = 1;; i++, dval(d) *= 10.) {
In the specific test case, i is 11. The loop goes from 1 to 11, thereby filling the entire buffer. After the loop a "0" is written to the buffer, but this is at byte 12, thereby overwriting the buffer causing an assertion failure.
Attached is a patch that fixes the problem by allocating one more byte to the buffer. However, this is complex code, and perhaps there is some other patch (for example, changing the loop to start at 0 not 1).
=end
Files
Updated by nobu (Nobuyoshi Nakada) about 15 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
=begin
Applied in changeset r22692.
=end
Updated by shyouhei (Shyouhei Urabe) almost 15 years ago
- Status changed from Closed to Open
- Assignee set to shyouhei (Shyouhei Urabe)
=begin
=end
Updated by shyouhei (Shyouhei Urabe) almost 15 years ago
- Assignee changed from shyouhei (Shyouhei Urabe) to wyhaines (Kirk Haines)
=begin
=end
Updated by wyhaines (Kirk Haines) over 14 years ago
- Status changed from Open to Closed
=begin
This is fixed in 24583.
=end
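
The off-by-one described in the issue description, as an added example that is not code from util.c or from the attached patch: a simplified model that fills a buffer the way the report describes and checks a guard byte placed just past the owned bytes, which is how a debug allocator notices a write after the end of a block. The helper `guard_clobbered` and the `GUARD` value are hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define GUARD 0xFD /* constructed guard value, not taken from the page */

/* Simplified model of the pattern in the report (hypothetical helper, not
 * ruby_dtoa): the caller owns `alloc` bytes, a loop counting 1..ndigits
 * stores one digit per pass, then a trailing 0 byte is stored.
 * Returns 1 if the byte just past the owned region was overwritten,
 * 0 if not, -1 if the request would exceed this model's one guard byte. */
static int guard_clobbered(size_t alloc, int ndigits)
{
    unsigned char *block, *s;
    int i, hit;

    if (ndigits < 0 || (size_t)ndigits > alloc)
        return -1;
    block = malloc(alloc + 1);      /* +1 holds the guard, outside the owned bytes */
    if (block == NULL)
        abort();
    block[alloc] = GUARD;

    s = block;
    for (i = 1; i <= ndigits; i++)  /* passes 1..ndigits fill indexes 0..ndigits-1 */
        *s++ = (unsigned char)('0' + i % 10);
    *s = 0;                         /* trailing byte lands at index ndigits */

    hit = (block[alloc] != GUARD);
    free(block);
    return hit;
}

int main(void)
{
    /* Values from the report: i is 11, so 11 bytes are allocated. */
    printf("alloc 11, 11 digits: clobbered=%d\n", guard_clobbered(11, 11));
    /* The report's proposed change: allocate one more byte. */
    printf("alloc 12, 11 digits: clobbered=%d\n", guard_clobbered(12, 11));
    return 0;
}
```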