Subject: _doprnt %c bug (#69)
Index:   lib/libc/pdp/stdio 2.11BSD

Description:
        There is a serious bug in _doprnt's handling of %c.  Null characters
        are ignored!  This causes a problem in telnet's terminal type
        negotiation, which needs a null byte after the suboption byte.

        The %r command was also removed since it was undocumented and not
        present in 4.3BSD (or later).  A side benefit is the saving of a few
        bytes of space.

Repeat-By:
        Run the test program below.  If the output is not 3 then the bug is
        present.

---------------------------cut here------------------------
char buf[32];

main()
        {
        /* telnet suboption: IAC SB TERMINAL-TYPE IS "VT100" IAC SE */
        sprintf(buf, "%c%c%c%c%s%c%c", 0xff, 0xfa, 0x18, 0x00, "VT100",
                0xff, 0xf0);
        printf("strlen = %d\n", strlen(buf));
        }
------------------------cut here-------------------------

Fix:
        Apply the patch below and replace doprnt.o in /lib/libc.a and
        /usr/lib/libc_p.a.

        Save the patch below into /tmp/foo and:

                cd /usr/src/lib/libc/pdp/stdio
                patch < /tmp/foo
                make
                ar r /lib/libc.a doprnt.o
                cd profiled
                ar r /usr/lib/libc_p.a doprnt.o
                cd ..
                ranlib /lib/libc.a /usr/lib/libc_p.a
                make clean

--------------------------cut here-------------------------------
*** /usr/src/lib/libc/pdp/stdio/doprnt.s.old Thu Dec 31 16:10:52 1987 --- /usr/src/lib/libc/pdp/stdio/doprnt.s Tue Aug 25 19:42:46 1992 *************** *** 5,11 **** */ #ifdef LIBC_SCCS ! <@(#)doprnt.s 5.4 (Berkeley) 1/25/87\0> .even #endif LIBC_SCCS --- 5,12 ---- */ #ifdef LIBC_SCCS ! /* <@(#)doprnt.s 5.4 (Berkeley) 1/25/87\0> */ ! <@(#)doprnt.s 5.5 (GTE) 8/25/92\0> .even #endif LIBC_SCCS *************** *** 34,40 **** longorunsg; 'l longorunsg; 'L unsigned; 'u - remote; 'r long; 'D loct; 'O lhex; 'X --- 35,40 ---- *************** *** 244,251 **** charac: mov $' ,zfill(r5) mov (r4)+,r0 - bic $!377,r0 - beq prbuf movb r0,(r3)+ br prbuf --- 244,249 ---- *************** *** 282,293 **** 1: mov pc,r2 jsr pc,pscien - br prbuf - - remote: - mov (r4)+,r4 - mov (r4)+,formp(r5) - jmp loop prbuf: mov sp,r2 --- 280,285 ----
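
Review bot: In the 34,40 hunk, dropping the `remote; 'r` table entry changes what any existing format string containing %r does, and the visible lines do not show which path an unlisted conversion letter takes. It would help to say in the description what %r now produces, and to check the source tree for %r users before the new doprnt.o is installed.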
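
Review bot: In the charac: hunk (244,251), the visible context does not show how prbuf works out the length of what was stored; if it looks for a terminator instead of using the r3 position, a zero byte written by `movb r0,(r3)+` would still be lost or cut the field short. Please confirm that, and add a one-line comment at `movb r0,(r3)+` saying zero bytes are stored on purpose so the `beq prbuf` test is not reintroduced later. Dropping `bic $!377,r0` looks safe, since `movb` stores only the low byte of r0.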
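
Review bot: In the 282,293 hunk, deleting `br prbuf` after `jsr pc,pscien` makes that path fall through into `prbuf:`, which is only correct while the label stays immediately below it. Either keep the `br prbuf` or add a comment marking the fall-through. Deleting the `remote:` label also depends on the `remote; 'r` table entry from the 34,40 hunk being gone, otherwise the table refers to an undefined symbol, so the two hunks should be noted as inseparable.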
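
The behaviour in the Description, as an added example (not from the original posting or the 2.11BSD sources): a toy C formatter that models only the %c and %s paths, with and without the zero-byte skip, and builds the test program's telnet suboption. The names mini_format, build_ttype and has_is_byte are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* Toy model of the %c and %s conversions only (constructed for illustration).
 * drop_nul = 1 models the pre-patch charac path (a zero byte is skipped),
 * drop_nul = 0 models the patched path (the byte is always stored).
 * Returns the number of bytes produced; out is also NUL-terminated. */
size_t mini_format(unsigned char *out, size_t cap, int drop_nul,
                   const char *fmt, ...)
{
    va_list ap;
    size_t n = 0;

    if (cap == 0) return 0;
    va_start(ap, fmt);
    while (*fmt != '\0' && n + 1 < cap) {
        char f = *fmt++;
        if (f != '%') { out[n++] = (unsigned char)f; continue; }
        if ((f = *fmt) == '\0') break;      /* dangling '%' at end of format */
        fmt++;
        if (f == 'c') {
            unsigned char c = (unsigned char)va_arg(ap, int);
            if (c != 0 || !drop_nul) out[n++] = c;
        } else if (f == 's') {
            const char *s = va_arg(ap, const char *);
            while (*s != '\0' && n + 1 < cap) out[n++] = (unsigned char)*s++;
        }                                   /* other letters: ignored here */
    }
    va_end(ap);
    out[n] = '\0';
    return n;
}

/* The test program's arguments: IAC SB TERMINAL-TYPE IS "VT100" IAC SE. */
size_t build_ttype(unsigned char *out, size_t cap, int drop_nul)
{
    return mini_format(out, cap, drop_nul, "%c%c%c%c%s%c%c",
                       0xff, 0xfa, 0x18, 0x00, "VT100", 0xff, 0xf0);
}

/* Length-aware check: the IS byte (0) must directly follow option 0x18. */
int has_is_byte(const unsigned char *p, size_t len)
{
    return len >= 4 && p[2] == 0x18 && p[3] == 0x00;
}
```

With the zero byte stored, strlen() on the buffer reports 3 although 11 bytes were produced, so code that transmits such a buffer has to carry the length separately.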