bin/90333: libc/gdtoa::__hldtoa() bug

Poul-Henning Kamp phk at
Tue Dec 13 05:40:05 PST 2005

>Number:         90333
>Category:       bin
>Synopsis:       libc/gdtoa::__hldtoa() bug
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 13 13:40:02 GMT 2005
>Originator:     Poul-Henning Kamp
>Release:        FreeBSD 7.0-CURRENT i386
System: FreeBSD 7.0-CURRENT FreeBSD 7.0-CURRENT #5: Sat Sep 17 14:53:58 CEST 2005 root at i386


  /* You're not supposed to hit this problem */
  For some denormalized long double values, a bug in __hldtoa() (called
  from *printf()'s %A format) results in a base 16 digit being rounded
  up from 0xf to 0x10.

  When this digit is subsequently converted to string format, an index
  of 10 reaches past the end of the upper-case hex/char array, picking
  up whatever the code segment happens to contain at that address.

  This mostly seems to be some character from the upper half of the
  byte range.

  When using the %a format instead of %A, the first character past
  the end of the lowercase hex/char table happens to be index 0 in
  the uppercase hex/char table hextable and therefore the string
  representation features a '0', which is supposedly correct.

  This leads me to believe that the proper fix _may_ be as simple as
  masking all but the lower four bits off after incrementing a hex-digit
  in libc/gdtoa/_hdtoa.c:roundup().  I worry however that the upper
  bit in 0x10 indicates a carry not carried.

  Until das@ or bde@ finds time to visit this issue, extend the
  hexdigit arrays with a 17th index containing '?' so that we get an
  invalid but consistent and printable output in both %a and %A formats
  whenever this bug strikes.

  This unmasks the bug in the %a format, therefore solving the real
  issue may both become easier and more urgent.
  Possibly related to:    PR 85080
  With help by:           bde@
  Revision  Changes    Path
  1.71      +2 -2      src/lib/libc/stdio/vfprintf.c


	#include <ieeefp.h>
	#include <stdio.h>
	#include <math.h>
	#include <vis.h>

	/* Format d with fmt and print the result with non-printable bytes made visible. */
	static void
	pri(const char *fmt, double d)
	{
		char buf[BUFSIZ], buf2[BUFSIZ];

		sprintf(buf, fmt, d, d, d, d);
		strvis(buf2, buf, VIS_OCTAL);
		printf("[%s]\n", buf2);
	}

	int
	main(int argc, char **argv)
	{
		long double x, y;
		int i;

		pri("%-.1LA", 1.0);
		pri("%-.21LA", 1.0);

		x = 0xF.FC0000000000000000000p-1022;
		y = pow(2.0, -1022.0);
		y *= y;			/* -2044 */
		y *= y;			/* -4088 */
		y *= y;			/* -8176 */
		y *= y;			/* -16352 */
		y *= pow(2.0, -35.0);	/* -16387 */
		y *= pow(2.0, 1022.0);	/* -16387+1022 */
		x *= y;			/* 0XF.FC0000000000000000000p-16387 degcc'ed */
		printf("%-.1LA\n", x);
		return (0);
	}
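
An added illustration, not part of the PR and not FreeBSD's gdtoa code: it shows the failure mode described above, where a hex digit value rounded from 0xf to 0x10 is used as an index into a digit table, next to a carry-propagating round-up and the 17th-entry '?' guard. All function and table names here are hypothetical, and the digit arrays are constructed sample values.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* 16 valid digits plus a 17th '?' entry, the interim guard the report describes. */
static const char xdigs_upper[] = "0123456789ABCDEF?";

/* Faulty form (hypothetical): bump the last digit only, so 0xf becomes 0x10. */
static void round_last_only(unsigned char *d, size_t n)
{
    d[n - 1]++;
}

/* Carry-propagating round-up, n >= 1. Returns 1 when the carry leaves the
 * leading digit (digits become 1,0,0,...); the caller must then adjust the exponent. */
static int round_with_carry(unsigned char *d, size_t n)
{
    size_t i = n;
    while (i > 0) {
        i--;
        if (d[i] != 0xf) { d[i]++; return 0; }
        d[i] = 0;
    }
    d[0] = 1;
    return 1;
}

/* Bounds-checked lookup: any value above 0xf maps to '?' instead of reading
 * whatever lies past a 16-entry table. */
static char digit_char(unsigned char v)
{
    return xdigs_upper[v > 0xf ? 16 : v];
}

/* Render n digit values into out, which must hold n + 1 bytes. */
static void render(const unsigned char *d, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = digit_char(d[i]);
    out[n] = '\0';
}

int main(void)
{
    unsigned char a[] = {0x3, 0xf, 0xf}, b[] = {0x3, 0xf, 0xf}; /* constructed */
    char s[4];
    round_last_only(a, 3);  render(a, 3, s); printf("last-only: %s\n", s);
    round_with_carry(b, 3); render(b, 3, s); printf("carried:   %s\n", s);
    return 0;
}
```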



