On 2/16/2012 01:28, Marcus Meissner wrote:
On Thu, Feb 16, 2012 at 01:55:44AM +0300, Nikolay Sivov wrote:
The problem is that vsnprintf() was called multiple times with the same va_list. To fix that it was necessary to get rid of some tracing bits like macro-defined callback calls and a single function for all kinds of error types.
As far as I understand this problem it leads to a stack corruption when va_list is used multiple times without va_start/va_end around it, so it's critical to fix.
If I remember correctly, you can even process a va_list only once on some platforms.
We use it that way in a couple of places, so it seems to work and I can't find a proper description or part of a standard that says it's not portable.
See winegcc/wrc for --- char* strmake(const char* fmt, ...) --- as an example.
That probably means vsnprintf() and similar calls were added as part of C99 as well, so their presence implies working va_copy() is available.
Anyway calling it many times with the same va_list is broken.
If you need to process it multiple times, you need to create a copy with va_copy() first.
Yes, but that's a part of C99.
Ciao, Marcus
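
Added example, not part of the original thread and not Wine's code: two safe ways to run vsnprintf() over the same arguments more than once, one using va_copy() (C99) and one restarting the list with va_start()/va_end() per pass. The names vformat_alloc, format_copy and format_retry are hypothetical, and C99 vsnprintf() return values are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Receives a va_list, so it cannot call va_start() again: every pass over
 * the arguments gets its own copy and the caller's list is never consumed. */
char *vformat_alloc(const char *fmt, va_list ap)
{
    va_list pass;
    char *buf;
    int len;

    va_copy(pass, ap);                    /* pass 1: measure only */
    len = vsnprintf(NULL, 0, fmt, pass);
    va_end(pass);
    if (len < 0 || !(buf = malloc((size_t)len + 1))) return NULL;

    va_copy(pass, ap);                    /* pass 2: format into the buffer */
    vsnprintf(buf, (size_t)len + 1, fmt, pass);
    va_end(pass);
    return buf;
}

char *format_copy(const char *fmt, ...)
{
    va_list ap;
    char *ret;
    va_start(ap, fmt);
    ret = vformat_alloc(fmt, ap);
    va_end(ap);
    return ret;
}

/* No va_copy(): a variadic function may restart the list for each attempt. */
char *format_retry(const char *fmt, ...)
{
    size_t size = 8;                      /* small on purpose, forces a retry */
    for (;;) {
        char *buf = malloc(size);
        va_list ap;
        int n;
        if (!buf) return NULL;
        va_start(ap, fmt);                /* fresh list for this pass */
        n = vsnprintf(buf, size, fmt, ap);
        va_end(ap);
        if (n >= 0 && (size_t)n < size) return buf;
        free(buf);
        if (n < 0) return NULL;           /* formatting error */
        size = (size_t)n + 1;             /* exact size for the next pass */
    }
}
```

Both functions return a malloc()ed string that the caller frees.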