Bug #1577
closedstack smashing in generic_double_to_str()
Description
Hi,
I have a crash of Wt with the stacktrace pointing to renderfv() method.
The problem is in renderfv() using generic_double_to_str() in some cases, as it lets write sprintf without limitation in length to a char * buf of fixed size (for example char * buf[30]):
static inline char *generic_double_to_str(double d, char *buf)
{
if (boost::math::isnan(d)) {
if (boost::math::isinf(d)) {
sprintf(buf, "%f", (float)d);
Suggested solution: pass on the digits parameter to this function and set the format accordingly.
Best,
Tassilo
Updated by Wim Dumon about 12 years ago
Oops. I made the mistake of thinking that 'f' stands for 'float' but of course it stands for 'double'. Beginner's mistake!
This should be better:
sprintf(buf, "%.7e", d);
I will fix this in the source code.
Best regards,
Wim.
Updated by Koen Deforche about 12 years ago
- Status changed from New to Resolved
- Assignee set to Wim Dumon
Updated by Koen Deforche almost 12 years ago
- Status changed from Resolved to Closed
- Target version set to 3.3.0