https://bugzilla.novell.com/show_bug.cgi?id=733140 https://bugzilla.novell.com/show_bug.cgi?id=733140#c6 --- Comment #6 from Christoph Bartoschek <bartoschek@or.uni-bonn.de> 2011-11-29 10:10:41 UTC --- I would suggest the following patch instead. This way nsize is initialized with the correct number of bytes. And nspecs_max uses the whole given buffer. diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c index 753a5ac..6e026ae 100644 --- a/stdio-common/vfprintf.c +++ b/stdio-common/vfprintf.c @@ -1683,8 +1683,9 @@ do_positional: { /* Extend the array of format specifiers. */ struct printf_spec *old = specs; - specs = extend_alloca (specs, nspecs_max, - 2 * nspecs_max * sizeof (*specs)); + size_t nsize = nspecs_max * sizeof(*specs); + specs = extend_alloca (specs, nsize, 2 * nsize); + nspecs_max = nsize/sizeof(*specs); /* Copy the old array's elements to the new space. */ memmove (specs, old, nspecs * sizeof (struct printf_spec)); I do not have access to the glibc bugzilla, so I will not post it there. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.