error with sprintf statement using a double (buffer overrun?)

4

I'm encountering an error with a sprintf statement. I added a printf command to help investigate, and it seems that maybe one of my doubles isn't being understood (printf outputs a string of nonsense numbers where a %3.1f should be). However, the double is interpreted correctly the first time it is called in the printf statement. By increasing the size of name from 120 to 320, the segfault does go away. But the double is still not interpreted correctly, i.e. it still outputs a string of nonsense numbers where a simple %3.1f should be. I can't figure out what I'm doing wrong. Any ideas? A minimal test-case version of the code and the error message are posted below.

    #include <iostream>
    #include <string>
    #include <fstream>
    #include <sstream>
    #include <vector>
    #include <cstdio>    // printf, sprintf
    #include <cstdlib>   // exit

    using namespace std;


    void Back_Subt_beta()
    {

        int resonances = 4;
        char name[320];            // was 120; sprintf below writes however many bytes the doubles render to
        double rpos[66];
        double rbinmin[66];
        double rbinmax[66];
        double var1, var2, var3;   // the three columns of one line of binedges.dat

        ifstream binedgein;
        binedgein.open("binedges.dat");
        if (binedgein.is_open()) {
            cout << "data file opens" << endl;
            }
        // Note: extraction failures are not checked here; if a line is missing
        // or malformed, rpos[] ends up holding whatever var1 held before.
        for (int vline=1; vline<=4; vline++)
        {
            binedgein >> var1 >> var2 >> var3;
            rpos[vline-1] = var1;
            rbinmin[vline-1] = var2;
            rbinmax[vline-1] = var3;
        }
        binedgein.close();


        for (int m=2; m<=7; m++)
        {
            for (int j=0; j<resonances; j++)
            {
                printf("resonance%0#7.2feV/gammas_%3.1feV_Mcl%i", rpos[j],rpos[j],m);
                sprintf(name,"resonance%0#7.2feV/gammas_%3.1feV_Mcl%i",rpos[j],rpos[j],m);
            }
        }
        exit(0);   // exit() takes a status argument
    }

and the file binedges.dat

16.2      16.0      16.5
38.75     38.25     39.25
44.5      43.5      45.5
55.25     54.75     55.75

And the error:

Processing Back_Subt_beta.C...
data file opens

 *** Break *** segmentation violation
resonance0016.20eV/gammas_917241681885348612676436160464141677586357964289319457240620564649334534999701390133785258335880600276911524435084428436805391368574132924760441246552362332456319675531264.0eV_Mcl16(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Attaching to program: /proc/7689/exe, process 7689
[Thread debugging using libthread_db enabled]
[New Thread -1208284352 (LWP 7689)]
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.
(no debugging symbols found)...done.

0x006dd7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x014d3533 in __waitpid_nocancel () from /lib/tls/libc.so.6
#2  0x0147c869 in do_system () from /lib/tls/libc.so.6
#3  0x00962b8d in system () from /lib/tls/libpthread.so.0
#4  0x00bebc8e in TUnixSystem::Exec () from /usr/local/root/lib/libCore.so
#5  0x00be6dfb in TUnixSystem::StackTrace () from /usr/local/root/lib/libCore.so
#6  0x00be5c53 in TUnixSystem::DispatchSignals () from /usr/local/root/lib/libCore.so
#7  0x00bebf4d in SigHandler () from /usr/local/root/lib/libCore.so
#8  0x00be0590 in sighandler () from /usr/local/root/lib/libCore.so
#9  <signal handler called>
#10 0x014b1d0a in strcmp () from /lib/tls/libc.so.6
#11 0x003033be in G__searchvariable () from /usr/local/root/lib/libCint.so
#12 0x002f9514 in G__getvariable () from /usr/local/root/lib/libCint.so
#13 0x0021de97 in G__getitem () from /usr/local/root/lib/libCint.so
#14 0xbfeb89dc in ?? ()
#15 0x0021c633 in G__getexpr () from /usr/local/root/lib/libCint.so
#16 0x00000048 in ?? ()
#17 0x002e9bc8 in G__letvariable () from /usr/local/root/lib/libCint.so
#18 0xbfeb987c in ?? ()
Root > Function Back_Subt_beta() busy flag cleared
Tags: c++, arrays, segmentation-fault, printf
asked on Stack Overflow Jun 21, 2012 by neverskipbreakfast • edited Jun 21, 2012 by neverskipbreakfast

3 Answers

2

I think your problem is that the char array name is only 120 bytes, but you are overflowing that buffer with your sprintf statement. Increase the size of your char buffer from 120 bytes to a larger value. Better yet, use snprintf() instead of sprintf().

answered on Stack Overflow Jun 21, 2012 by (unknown user)
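What the snprintf() version of the question's format looks like, as an added example (this is not the answerer's code): the return value tells you whether the name fit, a measuring call with a null buffer tells you how big the array would have to be, and a ~170-digit double is reported as truncation instead of being written past the end of the array. The kNameFmt name, the format_name/name_size helpers and the 9.17e170 stand-in for the corrupted double are assumptions made for this example.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Added example (not the answerer's code): the question's format string,
// written into a caller-supplied buffer with snprintf() instead of sprintf().
static const char *const kNameFmt = "resonance%0#7.2feV/gammas_%3.1feV_Mcl%i";

// Returns true only if the whole name fit in buf. On truncation buf still
// holds a NUL-terminated prefix, and nothing past buf[bufsize-1] is touched,
// which is exactly the guarantee sprintf() does not give.
bool format_name(char *buf, size_t bufsize, double rpos, int m)
{
    int needed = std::snprintf(buf, bufsize, kNameFmt, rpos, rpos, m);
    if (needed < 0)
        return false;                               // encoding error
    return static_cast<size_t>(needed) < bufsize;   // 'needed' excludes the NUL
}

// How many bytes (including the NUL) the name needs for these arguments.
// snprintf() with a null buffer and size 0 only measures; it writes nothing.
size_t name_size(double rpos, int m)
{
    int n = std::snprintf(nullptr, 0, kNameFmt, rpos, rpos, m);
    return n < 0 ? 0 : static_cast<size_t>(n) + 1;
}

int main()
{
    char name[120];   // the size the question started with

    // Sane input from binedges.dat: fits easily.
    if (format_name(name, sizeof name, 16.2, 2))
        std::printf("ok:        %s (%zu bytes needed)\n", name, name_size(16.2, 2));

    // A corrupted double of about 170 digits (constructed value): sprintf()
    // would write hundreds of bytes into the 120-byte array; snprintf()
    // stops at 119 characters and reports the truncation instead.
    if (!format_name(name, sizeof name, 9.17e170, 16))
        std::printf("truncated: %zu bytes needed, only %zu available\n",
                    name_size(9.17e170, 16), sizeof name);
    return 0;
}
```

The check on the return value matters: snprintf() that silently truncates is still a logic bug (the name is wrong), it is just no longer memory corruption.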
1

I wondered what that number was, so I did this:

$ python
Python 2.7.2+ (default, Oct  4 2011, 20:06:09) 
[GCC 4.6.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> x = 917241681885348612676436160464141677586357964289319457240620564649334534999701390133785258335880600276911524435084428436805391368574132924760441246552362332456319675531264.0
>>> import struct
>>> struct.pack('<d', x)
'resonanc'

So the original error was definitely caused by your string overwriting the buffer. If you're getting a different garbage value, try looking at the actual bits, and maybe you'll figure it out.

answered on Stack Overflow Jun 21, 2012 by Derek Ledbetter
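The struct.pack('<d', x) trick in both directions in C++, as an added example (not Derek's code): build the double whose in-memory image is the eight bytes "resonanc", render it with the question's %3.1f to get the 171-digit string, and turn it back into bytes. The byte order is assumed little-endian, as on the i386 host in the trace (/lib/ld-linux.so.2); the helper reverses the bytes on a big-endian host so the numeric value is the same. The function names are assumptions made for this example.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Added example, not the answerer's code.
static bool host_is_little_endian()
{
    const std::uint16_t probe = 1;
    unsigned char first;
    std::memcpy(&first, &probe, 1);
    return first == 1;
}

// The double whose in-memory image is these 8 bytes, i.e. what rpos[j] held
// after the overflowing sprintf() wrote "resonanc..." over it. Returns NaN if
// the input is not exactly sizeof(double) bytes.
double double_from_bytes(const std::string &bytes)
{
    if (bytes.size() != sizeof(double))
        return std::nan("");
    unsigned char raw[sizeof(double)];
    std::memcpy(raw, bytes.data(), sizeof raw);
    if (!host_is_little_endian())
        std::reverse(raw, raw + sizeof raw);   // '<d' means little-endian
    double d;
    std::memcpy(&d, raw, sizeof d);            // memcpy, not a cast: no aliasing UB
    return d;
}

// Inverse: the little-endian byte image of a double as an 8-char string,
// i.e. struct.pack('<d', d).
std::string bytes_of_double(double d)
{
    unsigned char raw[sizeof(double)];
    std::memcpy(raw, &d, sizeof raw);
    if (!host_is_little_endian())
        std::reverse(raw, raw + sizeof raw);
    return std::string(reinterpret_cast<const char *>(raw), sizeof raw);
}

// The question's "%3.1f" rendering, sized by a measuring snprintf() first so
// the digit string, however long, never overruns anything.
std::string render_3_1f(double d)
{
    int n = std::snprintf(nullptr, 0, "%3.1f", d);
    if (n < 0)
        return std::string();
    std::vector<char> buf(static_cast<size_t>(n) + 1);
    std::snprintf(buf.data(), buf.size(), "%3.1f", d);
    return std::string(buf.data(), static_cast<size_t>(n));
}

int main()
{
    double d = double_from_bytes("resonanc");       // 8 bytes of the format string
    std::string digits = render_3_1f(d);
    std::printf("\"resonanc\" as a double: %.4e\n", d);
    std::printf("%%3.1f gives %zu chars starting %s...\n",
                digits.size(), digits.substr(0, 8).c_str());
    std::printf("back to bytes: \"%s\"\n", bytes_of_double(d).c_str());
    return 0;
}
```

The 8-byte length check is the detail to keep: the question's array was overwritten with the whole prefix "resonance0016.20eV/...", and which 8 of those bytes land in rpos[j] depends on where the compiler (or here, the interpreter) placed the variables.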
0

You are overflowing the name char array, which is 120 chars only. It would be better to use std::string namestr and then do namestr.c_str() while stuffing the name.

answered on Stack Overflow Jun 21, 2012 by Jay D
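What the std::string version looks like, as an added example (not Jay D's code): an ostringstream reproduces the question's format (%0#7.2f becomes fixed, showpoint, internal, setfill('0'), setw(7), setprecision(2); %3.1f becomes setw(3), setprecision(1)) and grows to whatever length the value renders to, so a 170-digit garbage double cannot overrun anything, and c_str() is taken from the string where a const char* is needed. The snprintf() cross-check and the make_name/printf_name names are assumptions made for this example.

```cpp
#include <cstdio>
#include <iomanip>
#include <sstream>
#include <string>
#include <vector>

// Added example, not the answerer's code.
static const char *const kNameFmt = "resonance%0#7.2feV/gammas_%3.1feV_Mcl%i";

// Same text as sprintf(name, kNameFmt, rpos, rpos, m), but the destination is
// a std::string: no fixed-size array, so no overrun however long rpos prints.
std::string make_name(double rpos, int m)
{
    std::ostringstream os;
    os << "resonance"
       // %0#7.2f: fixed notation, always show the point, zero-fill to width 7
       // with the padding between sign and digits (as printf does), 2 decimals
       << std::fixed << std::showpoint << std::internal
       << std::setfill('0') << std::setw(7) << std::setprecision(2) << rpos
       << "eV/gammas_"
       // %3.1f: minimum width 3, space fill, 1 decimal. setw() resets after
       // every insertion but setfill() does not, hence the explicit ' '.
       << std::setfill(' ') << std::setw(3) << std::setprecision(1) << rpos
       << "eV_Mcl" << m;                                   // %i
    return os.str();
}

// Reference rendering with snprintf(), sized exactly, to compare against.
std::string printf_name(double rpos, int m)
{
    int n = std::snprintf(nullptr, 0, kNameFmt, rpos, rpos, m);
    if (n < 0)
        return std::string();
    std::vector<char> buf(static_cast<size_t>(n) + 1);
    std::snprintf(buf.data(), buf.size(), kNameFmt, rpos, rpos, m);
    return std::string(buf.data(), static_cast<size_t>(n));
}

bool same_as_printf(double rpos, int m)
{
    return make_name(rpos, m) == printf_name(rpos, m);
}

int main()
{
    std::string name = make_name(16.2, 2);
    // c_str() for a C API: valid as long as 'name' lives and is not modified
    std::printf("%s (%zu chars)\n", name.c_str(), name.size());
    // constructed garbage double: long, but still just a longer string
    std::printf("garbage double renders to %zu chars, no overrun\n",
                make_name(9.17e170, 16).size());
    return 0;
}
```

The std::internal manipulator is what keeps negative values identical to printf's zero padding ("-016.20" rather than "00-16.20"); without it the two renderings diverge for rpos below zero.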

User contributions licensed under CC BY-SA 3.0