Project

General

Profile

Actions

Bug #1577

closed

stack smashing in generic_double_to_str()

Added by Tassilo Glander about 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
11/27/2012
Due date:
% Done:

0%

Estimated time:

Description

Hi,

I have a crash of Wt with the stacktrace pointing to renderfv() method.

The problem is in renderfv() using generic_double_to_str() in some cases, as it lets write sprintf without limitation in length to a char * buf of fixed size (for example char * buf[30]):

static inline char *generic_double_to_str(double d, char *buf)

{

if (boost::math::isnan(d)) {

if (boost::math::isinf(d)) {

sprintf(buf, "%f", (float)d);

Suggested solution: pass on the digits parameter to this function and set the format accordingly.

Best,

Tassilo

Actions #1

Updated by Wim Dumon about 12 years ago

Oops. I made the mistake of thinking that 'f' stands for 'float' but of course it stands for 'double'. Beginner's mistake!

This should be better:

sprintf(buf, "%.7e", d);

I will fix this in the source code.

Best regards,

Wim.

Actions #2

Updated by Koen Deforche about 12 years ago

  • Status changed from New to Resolved
  • Assignee set to Wim Dumon
Actions #3

Updated by Koen Deforche almost 12 years ago

  • Status changed from Resolved to Closed
  • Target version set to 3.3.0
Actions

Also available in: Atom PDF