#23 sd_vsprintf segfaults

[iabdelkader]

If I log a buffer longer than 1024 bytes sd_vsprintf segfaults, looking at sprintf.c I see that vsnprintf is called multiple times if the buffer > 1024, vsnprintf doesn't call va_end so va_list is invalid after the first call, and needs to be copied first:

va_copy(ap, a_args);
int n = vsnprintf(buffer, size, a_fmt, ap);
va_end(ap);

[František Dvořák]

Writing "me too" here. I can't see any obvious error in sprintf.c code, but it really crash there:

Program received signal SIGSEGV, Segmentation fault.
0x0000003f50479a10 in strlen () from /lib64/libc.so.6
(gdb) bt
#0 0x0000003f50479a10 in strlen () from /lib64/libc.so.6
#1 0x0000003f50446b69 in vfprintf () from /lib64/libc.so.6
#2 0x0000003f504e7188 in __vsnprintf_chk () from /lib64/libc.so.6
#3 0x00002b8d2eab5efd in sd_vsprintf () from /usr/lib64/liblog4c.so.3
#4 0x00002b8d2eab3649 in __log4c_category_vlog ()
from /usr/lib64/liblog4c.so.3
#5 0x00002b8d2e89ebc3 in log4c_category_vlog (a_category=0x1f4c2950,
a_priority=300, a_format=0x400a79 "%s", a_args=0x7ffff9809d80)
at /usr/include/log4c/category.h:358
#6 0x00002b8d2e89ecd9 in glite_common_log (catName=0x400a48 "miaow",
a_priority=300, a_format=0x400a79 "%s") at ../src/log.c:84
#7 0x000000000040090f in main () at ../tests/test.c:24

[František Dvořák]

Fixed in CVS HEAD. Thanks.

[František Dvořák]

log4c-1.2.2 released.