How do you call vsnprintf() safely?

Submitted by 我与影子孤独终老i on 2019-12-01 05:34:19

Question


I'm porting some very old (> 10y) C code to modern Linuxes. I'm getting segmentation faults within a custom-written vsnprintf() wrapper (apparently its task is to detect duplicate output strings and intern them):

char* strVPrintf(const String fmt, va_list ap)
{
  /* Guess we need no more than 50 bytes. */
  int n, size = 50;
  char* p = (char*)memMalloc(size), *q;

  while (1) {
    /* Try to print in the allocated space. */
    n = vsnprintf(p, size, fmt, ap);
    /* If that worked, return the string. */
    if (n > -1 && n < size) {
      break;
    }
    /* Else try again with more space. */
    if (n > -1)                /* glibc 2.1 */
      size = n + 1;            /* precisely what is needed */
    else                       /* glibc 2.0 */
      size *= 2;               /* twice the old size */
    p = memRealloc(p, size);
  }

  q = strRegister(p);
  memFree(p);
  return q;
}

The author seems to have assumed that the standard vsnprintf() function returns the number of characters written, and simply returns a sentinel value if it doesn't receive enough space to format all args. This means that you can just guess a buffer size and increase it if necessary.

But on my system (Ubuntu 14.04, glibc 2.19) vsnprintf causes a segmentation fault when called with too many arguments for the provided space. Did the semantics of the snprintf() family change that drastically in the meantime? And what is the modern way of ensuring you hand it enough buffer space?


Answer 1:


This is the correct way to use snprintf and vsnprintf on every operating system except SunOS 4 (which has been obsolete for 20 years), so your problem is somewhere else.

I'll make a pure guess and say that I'm almost certain that your problem is that you're passing the va_list ap into vsnprintf, which consumes it, and then you expect it to be reset on the next call. This is incorrect and stopped working in gcc many years ago (because it only worked on certain architectures).

Change:

n = vsnprintf(p, size, fmt, ap);

To:

va_list apc;
va_copy(apc, ap);
n = vsnprintf(p, size, fmt, apc);
va_end(apc);

And see if that helps.

Here's a simple test to see what's going on:

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>

void
foo(const char *fmt, va_list ap)
{
#ifdef BAD
    vprintf(fmt, ap);
#else
    va_list apc;
    va_copy(apc, ap);
    vprintf(fmt, apc);
    va_end(apc);
#endif
    vprintf(fmt, ap);
}

void
bar(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    foo(fmt, ap);
    va_end(ap);
}

int
main(int argc, char **argv)
{
    bar("foo %s\n", "bar");
    return 0;
}

When run I get this:

$ cc -o foo foo.c && ./foo
foo bar
foo bar
$ cc -DBAD -o foo foo.c && ./foo
foo bar
foo ����

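The grow-and-retry loop from the question, rewritten with the va_copy fix from Answer 1. This is an added example, not code from the original post or from the asker's project: the project's memMalloc/memRealloc/strRegister helpers and its String typedef are replaced by plain malloc/realloc and `const char *`, so the result is an ordinary heap string the caller must free(). The sample format argument is constructed so that the output is longer than the 50-byte initial buffer, which forces the second vsnprintf call that crashed the original.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical replacement for the wrapper in the question (names are this
 * example's own). Each vsnprintf attempt works on a va_copy() of `ap`, so
 * `ap` itself is never consumed and every retry sees the same arguments. */
char *str_vprintf(const char *fmt, va_list ap)
{
    size_t size = 50;               /* initial guess, as in the original */
    char *p = malloc(size);
    if (p == NULL)
        return NULL;

    for (;;) {
        va_list apc;
        int n;

        va_copy(apc, ap);            /* fresh copy for this attempt */
        n = vsnprintf(p, size, fmt, apc);
        va_end(apc);

        if (n < 0) {                 /* encoding error: give up */
            free(p);
            return NULL;
        }
        if ((size_t)n < size)        /* output fitted, including the NUL */
            return p;

        /* C99 semantics: n is the length the complete output would have,
         * so one more attempt with n + 1 bytes is guaranteed to fit. */
        size = (size_t)n + 1;
        char *q = realloc(p, size);
        if (q == NULL) {
            free(p);
            return NULL;
        }
        p = q;
    }
}

/* Variadic front end so the wrapper can be called like printf. */
char *str_printf(const char *fmt, ...)
{
    va_list ap;
    char *s;

    va_start(ap, fmt);
    s = str_vprintf(fmt, ap);
    va_end(ap);
    return s;
}

/* Constructed sample input: longer than the 50-byte initial buffer, so the
 * loop must realloc and call vsnprintf a second time. With the original
 * code that second call would read an already-consumed va_list. */
static const char LONG_ARG[] =
    "constructed sample argument, deliberately longer than fifty bytes";

int main(void)
{
    char *s = str_printf("%s|%d|%s", "short", 42, LONG_ARG);
    if (s == NULL)
        return 1;
    printf("%zu bytes: %s\n", strlen(s), s);
    free(s);
    return 0;
}
```

The size check uses `(size_t)n < size` rather than `n < size` because `size` is unsigned here; mixing the signed return value and an unsigned size without the cast is a classic source of off-by-one and wraparound bugs in exactly this kind of loop.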


Answer 2:


As I understand the code, its purpose is to detect the size needed by sprintf to fully write the output string in the buffer. There is a function that does this for you: asprintf (or vasprintf here).

Prototype:

int vasprintf(char **strp, const char *fmt, va_list ap);

Just use it as follow:

#define _GNU_SOURCE   /* vasprintf is a GNU/BSD extension, not ISO C */
#include <stdio.h>
#include <stdarg.h>

String strVPrintf(const String fmt, va_list ap)
{
    char *ans;
    int n;
    n = vasprintf(&ans, fmt, ap);
    if (n < 0)        /* on failure the contents of ans are undefined */
        return NULL;
    return ans;       /* caller owns the buffer and must free() it */
}

With this function, you do not need this wrapper any more, I think.




Answer 3:


Unsure on yours, but my man page on variable argument lists says:

COMPATIBILITY
These macros are not compatible with the historic macros they replace. A backward compatible version can be found in the include file <varargs.h>.

As you said it is very old code, maybe the va_list received in this routine is not the va_list expected by vsnprintf. You should first try to extract all parameters with one header then the other to be sure (normally vsnprintf is stdarg.h compatible)



Source: https://stackoverflow.com/questions/37788305/how-do-you-call-vsnprintf-safely
