bin/90333: libc/gdtoa::__hldtoa() bug
Poul-Henning Kamp
phk at critter.freebsd.dk
Tue Dec 13 05:40:05 PST 2005
>Number: 90333
>Category: bin
>Synopsis: libc/gdtoa::__hldtoa() bug
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 13 13:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Poul-Henning Kamp
>Release: FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD critter.freebsd.dk 7.0-CURRENT FreeBSD 7.0-CURRENT #5: Sat Sep 17 14:53:58 CEST 2005 root at critter.freebsd.dk:/freebsd/src/sys/i386/compile/CRITTER i386
>Description:
/* You're not supposed to hit this problem */
For some denormalized long double values, a bug in __hldtoa() (called
from *printf()'s %A format) results in a base 16 digit being rounded
up from 0xf to 0x10.
When this digit is subsequently converted to string format, an index
of 10 reaches past the end of the uppper-case hex/char array, picking
up whatever the code segment happen to contain at that address.
This mostly seem to be some character from the upper half of the
byte range.
When using the %a format instead of %A, the first character past
the end of the lowercase hex/char table happens to be index 0 in
the uppercase hex/char table hextable and therefore the string
representation features a '0', which is supposedly correct.
This leads me to belive that the proper fix _may_ be as simple as
masking all but the lower four bits off after incrementing a hex-digit
in libc/gdtoa/_hdtoa.c:roundup(). I worry however that the upper
bit in 0x10 indicates a carry not carried.
Until das@ or bde@ finds time to visit this issue, extend the
hexdigit arrays with a 17th index containing '?' so that we get a
invalid but consistent and printable output in both %a and %A formats
whenever this bug strikes.
This unmasks the bug in the %a format therefore solving the real
issue may both become easier and more urgent.
Possibly related to: PR 85080
With help by: bde@
Revision Changes Path
1.71 +2 -2 src/lib/libc/stdio/vfprintf.c
>How-To-Repeat:
#include <ieeefp.h>
#include <stdio.h>
#include <math.h>
#include <vis.h>
static void
pri(const char *fmt, double d)
{
char buf[BUFSIZ], buf2[BUFSIZ];
sprintf(buf, fmt, d, d, d, d);
strvis(buf2, buf, VIS_OCTAL);
printf("[%s]\n", buf2);
}
int
main(int argc, char **argv)
{
long double x, y;
int i;
pri("%-.1LA", 1.0);
pri("%-.21LA", 1.0);
fpsetprec(FP_PE);
x = 0xF.FC0000000000000000000p-1022;
y = pow(2.0, -1022.0);
y *= y; /* -2044 */
y *= y; /* -4088 */
y *= y; /* -8176 */
y *= y; /* -16352 */
y *= pow(2.0, -35.0); /* -16387 */
y *= pow(2.0, 1022.0); /* -16387+1022 */
x *= y; /* 0XF.FC0000000000000000000p-16387 degcc'ed */
printf("%-.1LA\n", x);
return (0);
}
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list