https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115404
--- Comment #2 from Sergei Trofimovich <slyfox at gcc dot gnu.org> ---
Thank you for the hints!
I have not yet fully extracted a self-contained example, but got a bit closer
to it.
Comparing the glibc binary before and after r15-1113-gde05e44b2ad963, the only
function that changes is __vsprintf_internal.
Smaller reproducer (against glibc-2.39 built with affected compiler):
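// $ cat over.c
#include <printf.h>
#include <stdio.h>

/* Output handler registered for the 'e' conversion; always returns -2. */
static int printf_e(FILE *fp, const struct printf_info *info,
                    const void *const *args) {
    return -2;
}

/* Arginfo callback registered for the 'e' conversion; always returns -1. */
static int size_type(const struct printf_info *info, size_t n, int *argtype,
                     int *size) {
    return -1;
}

int main(void) {
    char buf[255];
    /* Override the built-in 'e' conversion with the two callbacks above. */
    register_printf_specifier('e', printf_e, size_type);
    sprintf(buf, "%e", -12.5);
    return 0;
}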
$ gcc over.c -o over -O2 -D_FORTIFY_SOURCE=3 && ./over
Fatal glibc error: printf_buffer_as_file.c:31 (__printf_buffer_as_file_commit):
assertion failed: file->stream._IO_write_ptr <= file->next->write_end
Aborted (core dumped)