Debian Bug report logs - #205736
manual page of snprintf suggests bad coding practice

version graph

Package: manpages-dev; Maintainer for manpages-dev is Martin Schulze <joey@debian.org>; Source for manpages-dev is src:manpages.

Reported by: Jan Kuznik <kuznik@gepro.cz>

Date: Sat, 16 Aug 2003 19:48:01 UTC

Severity: normal

Found in version 1.39-1.1

Fixed in versions manpages/1.70-2, manpages/2.00-1

Done: Martin Schulze <joey@infodrom.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#205736; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to Jan Kuznik <kuznik@gepro.cz>:
New Bug report received and forwarded. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jan Kuznik <kuznik@gepro.cz>
To: submit@bugs.debian.org
Subject: manual page of snprintf suggests bad coding practice
Date: Sat, 16 Aug 2003 21:33:38 +0200
Package: manpages-dev
Version: 1.39-1.1

The manpage for printf and related functions
lists an example titled: "To allocate a sufficiently
large string and print into it (code  correct  for
both glibc 2.0 and glibc 2.1)"

This example contains the following line:

    if ((p = realloc (p, size)) == NULL)
       return NULL;

This is a very ill written code, since realloc returning
NULL do not deallocate the original memory block. Such a 
statement has a potential to become significant memory
hole. I suggest to correct this example since:

1. It may trick naive programmers to write bad code
2. It may lead skeptic observers to the believe 
   the whole Linux is written in a similar style.
   

Regards Jan Kuznik 



Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#205736; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to Sam Roberts <sroberts@certicom.com>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #10 received at 205736@bugs.debian.org (full text, mbox):

From: Sam Roberts <sroberts@certicom.com>
To: 205736@bugs.debian.org
Subject: Leaking memory isn't "bad practice", its a flat-out bug.
Date: Tue, 11 Nov 2003 14:44:44 -0500
I checked the libc docs to see if I should report this to the libc
maintainers, but it isn't there.

It looks like it crept in because this example was taken from the GNU
texinfo docs for snprintf. Those examples use xmalloc() and xrealloc(),
both of which exit internally if there was a memory allocation error.
When the xrealloc() got converted to a realloc(), the resulting code
became wrong.

Cheers,
Sam

-- 
Sam Roberts <sroberts@certicom.com>



Tags added: pending Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Martin Schulze <joey@infodrom.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Jan Kuznik <kuznik@gepro.cz>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 205736-close@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 205736-close@bugs.debian.org
Subject: Bug#205736: fixed in manpages 1.70-2
Date: Wed, 22 Dec 2004 13:02:13 -0500
Source: manpages
Source-Version: 1.70-2

We believe that the bug you reported is fixed in the latest version of
manpages, which is due to be installed in the Debian FTP archive:

manpages-dev_1.70-2_all.deb
  to pool/main/m/manpages/manpages-dev_1.70-2_all.deb
manpages_1.70-2.diff.gz
  to pool/main/m/manpages/manpages_1.70-2.diff.gz
manpages_1.70-2.dsc
  to pool/main/m/manpages/manpages_1.70-2.dsc
manpages_1.70-2_all.deb
  to pool/main/m/manpages/manpages_1.70-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 205736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Schulze <joey@infodrom.org> (supplier of updated manpages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 22 Dec 2004 18:26:11 +0100
Source: manpages
Binary: manpages manpages-dev
Architecture: source all
Version: 1.70-2
Distribution: unstable
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Martin Schulze <joey@infodrom.org>
Description: 
 manpages   - Manual pages about using a GNU/Linux system
 manpages-dev - Manual pages about using GNU/Linux for development
Closes: 88644 174175 204292 205736 210704 213538 220741 220859 222145 224953 226182 226974 229618 229865 231479 232962 236223 236884 237305 239762 242638 246668 249698 250900 251516 253515 262567 267471 268846 270817 271239 271243 276248 280520 283179 284814 284935 285852
Changes: 
 manpages (1.70-2) unstable; urgency=low
 .
   * Untypo and removed superflous newline in errno(3), also applied
     upstream
   * Formatting improvement in tzset(3), also applied upstream
   * Applied upstream patch to sigwaitinfo(2) (closes: Bug#222145)
   * Corrected output for assert(3) (closes: Bug#284814)
   * Corrected the title (closes: Bug#220741)
   * Added missing bracket to cmsg(3) (closes: Bug#237305)
   * Fixed typo in shm_open(3) (closes: Bug#271239)
   * Removed getspnam(3) from missing(7) (Bug#43210)
   * Corrected the example in printf(3) (closes: Bug#205736)
   * Fixed typo in modify_ldt(2) (closes: Bug#220859)
   * Corrected error code in swapon(2) (closes: Bug#204292)
   * Fixed spelling in ip(7) (closes: Bug#210704)
   * Applied upstream patch to fix formatting problems in netdevice(7)
     (closes: Bug#229865)
   * Corrected field order in proc(5) (closes: Bug#231479)
   * Added timer_create(2) to missing(7) (Bug#235963)
   * Corrected prototype in bind(2) (closes: Bug#239762)
   * Added documentation of ERANGE in log2(3) (closes: Bug#250900)
   * Adjusted the return value of getnameinfo(3) (closes: Bug#229618)
   * Removed unused variable in example of stdarg(3) (closes: Bug#262567)
   * Added fnmatch(3) to SEE ALSO of glob(3) (closes: Bug#226182)
   * Added field information to stat(2) (closes: Bug#249698)
   * Removed explicit mention of extern declaration in errno(3) since it's
     superseded now (closes: Bug#174175)
   * Fixed typo in __setfpucw(3) (closes: Bug#284935)
   * Added fcntl.h to shm_open(3) (closes: Bug#271243)
   * Adjustments for clearer documentation in sendfile(2) (closes: Bug#88644)
   * Added _GNU_SOURCE to strfry(3) (closes: Bug#213538)
   * Applied correction to fcntl(2) (closes: Bug#280520)
   * Added note about range of seconds in strftime(3) (closes: Bug#276248)
   * Corrected tangent reduction to sine and cosine in ctan(3) and ctanh(3)
     (closes: Bug#270817)
   * Added rpmatch(3) to missing(7) (Bug#268121)
   * Adjusted default path for TZDIR in tzselect(8) (closes: Bug#267471)
   * Replaced selection(1) by gpm(8) in vcs(4) (closes: Bug#253515)
   * Adjusted the title of send(2) to what the OpenGroup has (closes: Bug#251516)
   * Added _GNU_SOURCE to function definition of strtod(3) (closes: Bug#246668)
   * Added _XOPEN_SOURCE to function definition of system(3) (closes: Bug#242638)
   * Removed dangling reference to non-existing newctime(3) in ctime(3)
     (closes: Bug#236884)
   * Same for zdump(8), tzselect(8) and zic(8) but they are not distributed
   * Added reference to SUSv3 in strcasecmp(3) (Bug#234443)
   * Fixed copy-and-paste bug in sysconf(3) (closes: Bug#226974)
   * Corrected the section of aio_error in aio_return(3) (closes: Bug#224953)
   * Added sync(8) back (closes: Bug#236223)
   * Added cap_set_proc(3)/cap_get_proc(3), capsetp(3)/capgetp(3) to
     missing(7) (Bug#208856)
   * Added pty(4) to missing(7) (Bug#209323)
   * Added re_format(7) as alias for regexp(7) (closes: Bug#232962)
   * Added refernce to errno to close(2), opendir(3), readdir(3),
     closedir(3) (closes: Bug#283179)
   * Added preliminary more verbose explanation about uid/euid and gid/egid
     to getuid(2) and getgid(2) (closes: Bug#285852)
   * Added a potentially Debian-only note to nsswitch.conf(5) (closes: Bug#268846)
Files: 
 4b0d41cb3b9e382fefd3b78210f78888 583 doc - manpages_1.70-2.dsc
 2405d770c4b595c0b3fab1f154eb2974 51072 doc - manpages_1.70-2.diff.gz
 9205a606025033b413cafe62416fab3b 390012 doc important manpages_1.70-2_all.deb
 661dd868c2bbd14aec3e94945d91cc9a 1073464 doc standard manpages-dev_1.70-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBybWYW5ql+IAeqTIRAvaRAJ9Aqin4SA16WxHLgim3OPcIK5+RswCfQMwU
ecwSyhdIdk3DlrISPd2hfBA=
=T8lO
-----END PGP SIGNATURE-----




Message #18 received at 205736-close@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 205736-close@bugs.debian.org
Subject: Bug#205736: fixed in manpages 2.00-1
Date: Sat, 25 Dec 2004 15:32:11 -0500
Source: manpages
Source-Version: 2.00-1

We believe that the bug you reported is fixed in the latest version of
manpages, which is due to be installed in the Debian FTP archive:

manpages-dev_2.00-1_all.deb
  to pool/main/m/manpages/manpages-dev_2.00-1_all.deb
manpages_2.00-1.diff.gz
  to pool/main/m/manpages/manpages_2.00-1.diff.gz
manpages_2.00-1.dsc
  to pool/main/m/manpages/manpages_2.00-1.dsc
manpages_2.00-1_all.deb
  to pool/main/m/manpages/manpages_2.00-1_all.deb
manpages_2.00.orig.tar.gz
  to pool/main/m/manpages/manpages_2.00.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 205736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Schulze <joey@infodrom.org> (supplier of updated manpages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 25 Dec 2004 20:44:43 +0100
Source: manpages
Binary: manpages manpages-dev
Architecture: source all
Version: 2.00-1
Distribution: unstable
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Martin Schulze <joey@infodrom.org>
Description: 
 manpages   - Manual pages about using a GNU/Linux system
 manpages-dev - Manual pages about using GNU/Linux for development
Closes: 204292 205736 220741 222145 229618 239762 247779 249698
Changes: 
 manpages (2.00-1) unstable; urgency=low
 .
   * New upstream release
   * The new major version number reflects only that there is a new
     maintainer, and the desire to avoid eventual releases named
     man-pages-1.100 etc.
   * This release incorporates the following Debian bugs:
     - bind(2) takes const pointer (closes: Bug#239762)
     - Typo in declaration for sigtimedwait(2) (closes: Bug#222145)
     - /usr/share/man/man2/swapon.2.gz (closes: Bug#204292)
     - manual page of snprintf suggests bad coding practice (closes:
       Bug#205736)
     - undocumented(2) has wrong title (closes: Bug#220741)
     - getnameinfo(3) man-page claims errno is set (closes: Bug#229618)
     - suggested init/quit sequence in random(4) out of date (closes:
       Bug#247779)
     - stat manpage: File type checking macros documentation doesn't say
       what field is to be used (closes: Bug#249698)
     - assert(3) wrongly says that assertion errors go to stdout (cloes:
       Bug#284814)
Files: 
 431d4e9959f351f21c6daa8941e99e4e 584 doc - manpages_2.00-1.dsc
 8dc4fe441b7e012c8cefe1f83f16455c 1007776 doc - manpages_2.00.orig.tar.gz
 90ffbe4ee210d2320068f7d4b3d0a8c7 47979 doc - manpages_2.00-1.diff.gz
 8d2fba35399ff514150ed22e1c9795f9 390456 doc important manpages_2.00-1_all.deb
 b99eb8e57f9c39ab288bb91b55de5b93 1079594 doc standard manpages-dev_2.00-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBzcUnW5ql+IAeqTIRAhmIAJ9LrdxaEQTl/7qQzSUYwV5PNLrN6ACguI1A
t9MwcCmUnpK11dv0RGHdLPM=
=fOkl
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 19:58:30 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.