Backport #1232
Closed
sprintf Heap Corruption
Description
=begin
Build ruby with -RCT1 using MSVC 2008. Then run this ruby program:
  puts sprintf("%0.1fs", Time.now)
It will result in this error:
Debug Error: "HEAP CORRUPTION DETECTED: after normal block (#10921) at 0x02522F58. CRT detected that the application wrote to memory after end of heap buffer."
Investigating:
- In util.c, ruby_dtoa, line 3365:
    s = s0 = rv_alloc(i);
- Lower down at line 3449:
    for (i = 1;; i++, dval(d) *= 10.) {
In the specific test case, i is 11. The loop goes from 1 to 11, thereby filling the entire buffer. After the loop a "0" is written to the buffer, but this is at byte 12, thereby overwriting the buffer, causing an assertion failure.
Attached is a patch that fixes the problem by allocating one more byte to the buffer. However, this is complex code, and perhaps there is some other patch (for example, changing the loop to start at 0 not 1).
=end
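A simplified model of the off-by-one described in the report, added here as an example; it is not Ruby's util.c code. The names emit_digits and GUARD are hypothetical, and the guard byte stands in for the debug heap's check of the memory just past the block, so the model itself never writes outside what it allocated.

```c
#include <stdio.h>
#include <stdlib.h>

#define GUARD 0xFD  /* constructed guard value placed just past the modelled buffer */

/* Hypothetical model: write `ndigits` digit characters and then a 0 into a
 * buffer of `alloc` bytes. Returns 1 if the byte immediately after the
 * buffer was overwritten, 0 if it survived, -1 on bad arguments or
 * allocation failure. */
static int emit_digits(size_t alloc, int ndigits)
{
    unsigned char *raw, *s;
    int i, corrupted;

    /* Keep every write inside the alloc + 1 bytes really allocated. */
    if (ndigits < 1 || (size_t)ndigits > alloc)
        return -1;
    raw = malloc(alloc + 1);       /* the extra byte holds the guard */
    if (raw == NULL)
        return -1;
    raw[alloc] = GUARD;

    s = raw;
    for (i = 1;; i++) {            /* loop shape from the report: starts at 1 */
        *s++ = (unsigned char)('0' + i % 10);
        if (i == ndigits)
            break;                 /* ndigits bytes written so far */
    }
    *s = 0;                        /* terminator goes to offset ndigits */

    corrupted = (raw[alloc] != GUARD);
    free(raw);
    return corrupted;
}

int main(void)
{
    /* Report's case: 11 bytes allocated, 11 digits, terminator at byte 12. */
    printf("alloc=11 digits=11 -> overwritten=%d\n", emit_digits(11, 11));
    /* Proposed fix: one more byte allocated for the terminator. */
    printf("alloc=12 digits=11 -> overwritten=%d\n", emit_digits(12, 11));
    return 0;
}
```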