Bug #1577

stack smashing in generic_double_to_str()

Added by Tassilo Glander almost 8 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Start date: 11/27/2012
Due date:
% Done: 0%
Estimated time:
Description

Hi,

I have a crash of Wt with the stack trace pointing to the renderfv() method.

The problem is in renderfv() using generic_double_to_str() in some cases, as it lets sprintf write without any length limit to a char * buf of fixed size (for example char * buf[30]):

static inline char *generic_double_to_str(double d, char *buf)
{
  if (boost::math::isnan(d)) {
  if (boost::math::isinf(d)) {
  sprintf(buf, "%f", (float)d);

Suggested solution: pass on the digits parameter to this function and set the format accordingly.

Best,

Tassilo

#1

Updated by Wim Dumon almost 8 years ago

Oops. I made the mistake of thinking that 'f' stands for 'float' but of course it stands for 'double'. Beginner's mistake!

This should be better:

sprintf(buf, "%.7e", d);

I will fix this in the source code.

Best regards,

Wim.
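
Added example, not part of the original report or of Wt's source: it measures how many bytes the reported "%f" call and the proposed "%.7e" call need against the 30-byte buffer mentioned in the description. bytes_needed(), double_to_str_bounded() and the sample values are hypothetical names and constructed inputs.

```c
#include <float.h>
#include <stdio.h>

#define BUF_SIZE 30 /* fixed size the report gives as an example */

/* Bytes sprintf would write for d, NUL included. With a NULL, zero-size
 * destination snprintf only measures the output and writes nothing. */
static size_t bytes_needed(const char *fmt, double d)
{
    int n = snprintf(NULL, 0, fmt, d);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Hypothetical bounded variant: the "%.7e" format from the fix, with the
 * write capped at size. Returns 0 on success, -1 if the text did not fit. */
static int double_to_str_bounded(double d, char *buf, size_t size)
{
    int n = snprintf(buf, size, "%.7e", d);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

int main(void)
{
    /* Constructed inputs, all within float range so the cast is defined. */
    const double samples[] = { 0.5, 1e10, 1e30, FLT_MAX, -FLT_MAX };
    char buf[BUF_SIZE];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        /* The reported call was sprintf(buf, "%f", (float)d). */
        size_t f_len = bytes_needed("%f", (float)samples[i]);
        size_t e_len = bytes_needed("%.7e", samples[i]);
        printf("%-14g %%f: %2zu bytes (%s)  %%.7e: %2zu bytes (%s)\n",
               samples[i],
               f_len, f_len > BUF_SIZE ? "overflows" : "fits",
               e_len, e_len > BUF_SIZE ? "overflows" : "fits");
    }

    /* Largest-magnitude double: "%.7e" still needs only 16 bytes. */
    if (double_to_str_bounded(-DBL_MAX, buf, sizeof buf) == 0)
        printf("bounded: %s\n", buf);
    return 0;
}
```

The "%f" output grows with the magnitude of the value, while "%.7e" has a fixed upper bound; snprintf keeps the write inside the buffer even if the format is changed later.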

#2

Updated by Koen Deforche almost 8 years ago

  • Status changed from New to Resolved
  • Assignee set to Wim Dumon

#3

Updated by Koen Deforche over 7 years ago

  • Status changed from Resolved to Closed
  • Target version set to 3.3.0
