Subject: lib/33085: memleak in libc:*printf when formatting %.3f
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <kardel@netbsd.org>
List: netbsd-bugs
Date: 03/15/2006 11:25:00
>Number: 33085
>Category: lib
>Synopsis: memleak in libc:*printf when formatting %.3f
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 15 11:25:00 +0000 2006
>Originator: Frank Kardel
>Release: NetBSD 3.99.15
>Organization:
>Environment:
System: NetBSD pip.kardel.name 3.99.15 NetBSD 3.99.15 (PIP.MP) #42: Sun Mar 12 07:53:25 MET 2006 kardel@pip.kardel.name:/fs/WD1500ADFD-0-g/IC35L120AVV207-0-e/src/NetBSD/tc/src/sys/arch/i386/compile/obj.i386/PIP.MP i386
Architecture: i386
Machine: i386
>Description:
Repeated calls to snprintf(buf, size, "%.3f", float); lead to memory leaks.
>How-To-Repeat:
(gdb) run
Starting program: /home/kardel/memtrace/memtrace/loc loc
Program received signal SIGSEGV, Segmentation fault.
0xbbbbfdc5 in __Balloc_D2A () from /usr/lib/libc.so.12
(gdb) where
#0 0xbbbbfdc5 in __Balloc_D2A () from /usr/lib/libc.so.12
#1 0xbbbbf183 in __rv_alloc_D2A () from /usr/lib/libc.so.12
#2 0xbbbbccc3 in __dtoa () from /usr/lib/libc.so.12
#3 0xbbbbc23a in __vfprintf_unlocked () from /usr/lib/libc.so.12
#4 0xbbbbbdb8 in __vfprintf_unlocked () from /usr/lib/libc.so.12
#5 0xbbbb86b0 in snprintf () from /usr/lib/libc.so.12
#6 0x08048744 in main (argc=2, argv=0xbfbfe59c) at loc.c:10
#7 0x08048536 in ___start ()
(gdb) list 1,14
1       #include <stdlib.h>
2
3       int main(int argc, char **argv)
4       {
5               int i = 100000000;
6               char p[82];
7               float f = 0.00382;
8
9               while (i--)
10                      snprintf(p, sizeof(p), "%.3f", f);
11
12              return 0;
13      }
14
>Fix:
quick guess: probably just add freeing the cvt result at the end of the %f formatting path.
>Unformatted:
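
A regression check for the behaviour reported above, added here as an example; it is not part of the original report or of NetBSD's libc. It repeats the report's snprintf call and measures how far the peak resident set size grows. The function name, the iteration count and the 1 MB threshold are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Assumed budget: any per-call heap leak adds megabytes over 1e6 calls. */
#define LEAK_THRESHOLD_KB 1024L

/* Peak resident set size; ru_maxrss is in kilobytes on NetBSD and Linux. */
static long peak_rss_kb(void)
{
    struct rusage ru;

    if (getrusage(RUSAGE_SELF, &ru) != 0)
        return -1;
    return ru.ru_maxrss;
}

/*
 * Repeat the report's call `iterations` times and return the growth of the
 * peak RSS in KB, or -1 if measurement or formatting failed.
 */
long snprintf_rss_growth_kb(long iterations)
{
    char p[82];
    volatile float f = 0.00382f; /* volatile: keep the call from being folded */
    long before, after, i;

    /* Warm-up: exclude one-time allocations made on the first calls. */
    for (i = 0; i < 1000; i++)
        snprintf(p, sizeof(p), "%.3f", f);

    before = peak_rss_kb();
    for (i = 0; i < iterations; i++)
        snprintf(p, sizeof(p), "%.3f", f);
    after = peak_rss_kb();

    if (before < 0 || after < 0 || strcmp(p, "0.004") != 0)
        return -1;
    return after - before;
}

int main(void)
{
    long growth = snprintf_rss_growth_kb(1000000L);

    printf("peak RSS growth: %ld KB\n", growth);
    return (growth >= 0 && growth < LEAK_THRESHOLD_KB) ? 0 : 1;
}
```

The program exits non-zero when growth reaches the threshold, so it can run as a test after a libc change to the %f formatting path.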