Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 05 Nov 2022 07:52:09 -0400
From: "Alex Xu (Hello71)" <>
To: Szabolcs Nagy <>,, Markus Wichmann
Subject: Re: Invalid read of nl_arg in printf_core()

Excerpts from Szabolcs Nagy's message of November 5, 2022 6:09 am:
> * Markus Wichmann <> [2022-11-03 20:42:16 +0100]:
>> Hi all,
>> reading some code today, I noticed undefined behavior in printf_core().
>> vfprintf() creates an array called nl_arg automatically and does not
>> initialize it. That is fine, but it means that reads from each array
>> member are undefined behavior until that member gets assigned a value.
> an automatic storage object that was not initialized has indeterminate
> value, so accessing it is not undefined behaviour. (unless the object
> could have been declared with the register storage class)
> so technically the code is correct (if int has no trap representations)
> but i think the fix still makes sense: leaving unspecified values around
> is error prone.

N1570 J.2 [Undefined behavior]:

1   The behavior is undefined in the following circumstances:
[ ... ]
— The value of an object with automatic storage duration is used while it is
  indeterminate (6.2.4, 6.7.9, 6.8).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.