overflow in snprintf() when printing INT64_MIN

Andres Freund Thu, 27 Sep 2018 17:12:02 -0700

Hi,

I just noticed, while reviewing a patch that corrects overflow handing
in snprintf, that we don't correctly handle INT64_MIN in snprintf.c:


static void
fmtint(int64 value, char type, int forcesign, int leftjust,
           int minlen, int zpad, int precision, int pointflag,
           PrintfTarget *target)
{
...
        /* Handle +/- */
        if (dosign && adjust_sign((value < 0), forcesign, &signvalue))
                value = -value;

If value already is INT64_MIN this can't work.  It just happens to fail
to fail, because the later cast with (uint64) value "hides" the damage.

I suspect the best way to fix this, would be to instead do:

        /* Handle +/- */
        if (dosign && adjust_sign((value < 0), forcesign, &signvalue);
                uvalue = -(uint64) value;
        else
                uvalue = (uint64) value;

Greetings,

Andres Freund

overflow in snprintf() when printing INT64_MIN

Reply via email to