format_to_n unsafe when arguments exceeds some size #2029

arthurfait · 2020-11-18T07:57:16Z

format_to_n unsafe when arguments exceeds some size (256?)

Relates to closed #2028 (#1996)

Following peace of code

#include <fmt/format.h>
int main()
{
    char buff[80];
    const char *a = "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111";
    fmt::format_to_n(std::begin(buff), 79,FMT_STRING("{} "), a);
    fmt::print("done");
    return 0;
}

build with following rule:
-fstack-protector-strong

gives

*** stack smashing detected ***: terminated

vitaut · 2020-11-18T14:51:03Z

Great catch, thanks! Fixed in 2c734c9.

vitaut added a commit that referenced this issue Nov 18, 2020

Fix an overflow in format_to_n (#2029)

66c3f1d

vitaut added a commit that referenced this issue Nov 18, 2020

Fix an overflow in format_to_n (#2029)

2c734c9

vitaut closed this as completed Nov 18, 2020

vitaut added a commit that referenced this issue Nov 24, 2020

Fix an overflow in format_to_n (#2029)

b8957f5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

format_to_n unsafe when arguments exceeds some size #2029

format_to_n unsafe when arguments exceeds some size #2029

arthurfait commented Nov 18, 2020

vitaut commented Nov 18, 2020

format_to_n unsafe when arguments exceeds some size #2029

format_to_n unsafe when arguments exceeds some size #2029

Comments

arthurfait commented Nov 18, 2020

vitaut commented Nov 18, 2020