From 913c09becd9df89dbd9b9f386e7f35c240d5efe8 Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Fri, 19 Oct 2007 01:50:42 +0200
Subject: [PATCH] Don't use %n on glibc >= 2.3 systems.

---
 ChangeLog        |  5 +++++
 lib/vasnprintf.c | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 73ac493f8..2a3499900 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-18  Bruno Haible  <bruno@clisp.org>
+
+	* m4/vasnprintf.m4 (VASNPRINTF): Don't use %n on glibc >= 2.3 systems.
+	Reported by Jim Meyering.
+
 2007-10-18  Eric Blake  <ebb9@byu.net>
 
 	* modules/filenamecat-tests (Makefile.am): Link against -lintl.
diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index f56382334..5d818aa64 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -3385,9 +3385,21 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
 #endif
 		  *fbp = dp->conversion;
 #if USE_SNPRINTF
+# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
 		fbp[1] = '%';
 		fbp[2] = 'n';
 		fbp[3] = '\0';
+# else
+		/* On glibc2 systems from glibc >= 2.3 - probably also older
+		   ones - we know that snprintf's returns value conforms to
+		   ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
+		   Therefore we can avoid using %n in this situation.
+		   On glibc2 systems from 2004-10-18 or newer, the use of %n
+		   in format strings in writable memory may crash the program
+		   (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
+		   in this situation.  */
+		fbp[1] = '\0';
+# endif
 #else
 		fbp[1] = '\0';
 #endif
-- 
2.11.0