Segmentation fault in vsnprintf() from /lib64/tls/libc.so.6
Agarwal, Saumya
Saumya.Agarwal at netapp.com
Tue Dec 5 18:01:49 UTC 2006
Thanks Jakub! It worked with va_copy.
-----Original Message-----
From: Jakub Jelinek [mailto:jakub at redhat.com]
Sent: Tuesday, December 05, 2006 12:25 AM
To: Agarwal, Saumya
Cc: amd64-list at redhat.com
Subject: Re: Segmentation fault in vsnprintf() from /lib64/tls/libc.so.6
On Mon, Dec 04, 2006 at 11:41:02PM +0530, Agarwal, Saumya wrote:
> On executing the code (snippet below) I get a segmentation fault at
> run time. The code builds fine. The same code runs fine on a 32-bit
> linux machine.
>
> if (NULL != *strp) {
> for ( ; NULL != *strp; ) {
> left = *sizep - len - 1;
> if (left > 0) {
> result = vsnprintf(&(*strp)[len], left, format, ap);
> if ((result != -1) && (result < left)) { //vsnprintf
> truncated the output string
> break;
> }
> }
> *sizep *= 2;
> Renew(*strp, *sizep, char); //reallocate sizep amount of
> space to strp
> }
> }
>
> The crash happens in the second iteration of the for loop. It goes
> through fine in the first iteration.
No wonder, this is clearly invalid code, see ISO C99, 7.15(3):
The type declared is
va_list
which is an object type suitable for holding information needed by the
macros va_start, va_arg, va_end, and va_copy. If access to the varying
arguments is desired, the called function shall declare an object
(generally referred to as ap in this subclause) having type va_list.
The object ap may be passed as an argument to another function; if that
function invokes the va_arg macro with parameter ap, the value of ap in
the calling function is indeterminate and shall be passed to the va_end
macro prior to any further reference to ap.
As vsnprintf uses va_arg on the 4th argument passed to it (ap), you
really need to va_copy before you call vsnprintf (and don't forget to
pass it to va_end afterwards).
The va_copy man page should explain it too.
Jakub
More information about the amd64-list
mailing list