On 4/17/06, Jesse Allen the3dfxdude@gmail.com wrote:
On 4/17/06, Tomas Carnecky tom@dbservice.com wrote:
Jesse Allen wrote:
On 4/17/06, Tomas Carnecky tom@dbservice.com wrote:
Wine doesn't crash in this function, sorry, it's a bug in pf_vsnprintf() which causes snprintf() to write beyond the end of the buffer.
I've attached a patch that fixes it for me, but it's probably better not to create such large buffers on the stack. Anyone with a better fix?
OK, I can kind of see a problem. If we converted this number on our own, we would set the field size to the number of printable characters before the final output. But since we can't even look at the size at all, we rely on 40 because nothing is hardcoded into the format string. We will obviously overflow when we have more significant digits than 40 and no field size specified.
But I also found something wrong with your test. Libc seems to remember far more digits and msvcrt rounds. So we also have a portability issue I think. The real solution is doing our own float conversions, but we can avoid the crash in the meantime by just making number larger; the output will still not be correct.
Jesse
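Added example, not from this thread or from Wine's pf_vsnprintf: a C sketch of the sizing check a defender wants for the case discussed above, measuring the "%f" output length with snprintf(NULL, 0, ...) before writing, so a double with more printable digits than a fixed 40-byte scratch buffer lands in an exactly-sized heap buffer instead of overrunning the stack. SCRATCH_LEN and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the fixed scratch buffer the thread talks about. */
#define SCRATCH_LEN 40

/* Number of characters "%f" produces for v, not counting the terminating NUL.
 * snprintf with a NULL buffer and size 0 only reports the length. */
size_t float_fmt_len(double v)
{
    int n = snprintf(NULL, 0, "%f", v);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if v (plus its NUL) would fit the fixed scratch buffer, else 0. */
int fits_scratch(double v)
{
    return float_fmt_len(v) + 1 <= SCRATCH_LEN;
}

/* Format v into a freshly allocated, exactly-sized buffer; caller frees it.
 * The write is bounded by the size we just measured, so it cannot overrun. */
char *format_double(double v)
{
    size_t len = float_fmt_len(v);
    char *buf = malloc(len + 1);
    if (!buf)
        return NULL;
    snprintf(buf, len + 1, "%f", v);
    return buf;
}

int main(void)
{
    double v = 1e300;   /* constructed input: ~301 integer digits under "%f" */
    char *s = format_double(v);
    if (!s)
        return 1;
    printf("chars needed for 1e300 with \"%%f\": %zu (fits %d-byte scratch: %s)\n",
           strlen(s), SCRATCH_LEN, fits_scratch(v) ? "yes" : "no");
    free(s);
    return 0;
}
```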