Patch Name: PHCO_27340 Patch Description: s700_800 11.00 printf(1) cumulative patch Creation Date: 02/08/19 Post Date: 02/08/26 Hardware Platforms - OS Releases: s700: 11.00 s800: 11.00 Products: N/A Filesets: OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: Yes PHCO_27340: ABORT Category Tags: defect_repair general_release critical halts_system Path Name: /hp-ux_patches/s700_800/11.X/PHCO_27340 Symptoms: PHCO_27340: 1. printf(1) dumps core for some of the unlisted functionalities. 2. printf(1) gives incorrect output for "%b" with '\\' as argument. 3. printf(1) gives incorrect output for "printf %". 4. printf(1) gives incorrect output for "\\045" format. 5. printf(1) gives wrong output for printf "\\\\". 6. printf(1) dumps core with multibyte locales in some cases. PHCO_23919: 1. printf(1) dumps core if argument length is n*8-1 2. printf(1) does not support multibyte characters as input PHCO_20784: 1. printf(1) gives corrupted output when the argument is long. Defect Description: PHCO_27340: 1. printf(1) command dumps core for some of the unlisted functionalities.The cause of the problem is due to an internal buffer overflow. Here are the steps to reproduce the problem: $ printf "%ls" abcd Bus error(coredump) $ printf "%Lf" 12.34 Memory fault(coredump) Resolution: The cause of the problem is due to an internal buffer overflow. A change is made to accept only the listed functionalities of printf(1). For unlisted functionalities, printf(1) will give an error. 2. printf(1) command prints a wrong output with %b functionality.The cause of the problem is due to an internal buffer overflow. Here are the steps to reproduce the problem: $ printf "%b" \\ _=/usr/bin/printf$ Resolution: The buffer overflow problem has been fixed to resolve the issue. 3. printf(1) command prints wrong output with '%' which was a deviation from the listed behavior for printf.This was due to the '%' format not being handled properly. Here are the steps to reproduce the problem: $ printf % _=/usr/bin/printf$ $ printf 100%200 100%200$ Resolution: The code has been modified to verify if the '%' format is having any valid input or not. If there is no option for '%', then printf(1) prints till the previous character of '%'. 4. printf(1) prints '%%' for the format "\\045" while printing octal numbers.It should print '%' instead of '%%'. Here are the steps to reproduce the problem: $ printf "\045" %%$ Resolution: printf(1) is modified to print the correct output which is '%' (a single '%') instead of '%%'. 5. printf(1) prints wrong output for the "\\\\" format. The difference in the output was due to the shell not passing arguments to the program correctly. Here are the steps to reproduce the problem: $ printf "\\\\" \\$ Resolution: printf(1) is modified to print the correct output which is '\'. 6. printf(1) dumps core when LANG is set to ja_JP.eucJP. The cause of the problem was due to insufficient memory allocation for the null character. Here are the steps to reproduce the problem: $ export LANG=ja_JP.eucJP $ printf "%s %s aaa\n" "abcdef" "gh" Bus error(coredump) Resolution: printf(1) is modified to handle the null terminating character properly. PHCO_23919: 1. printf(1) dumps core if argument length is n*8-1 as one extra null character has been put for which there is no memory allocated. Resolution: Extra null character insertion has been removed to avoid the problem. 2. printf(1) does not support multibyte characters as input Resolution: Code has been changed to use wide characters which can handle both multibyte and single byte characters in input. PHCO_20784: 1. printf(1) was corrupting the output when the argument length is more than LINE_MAX value. This is because of the static allocation of memory of size LINE_MAX. Resolution: The fix is to allocate the memory dynamically based on the argument length. SR: 8606249910 8606247884 8606247888 8606249906 8606245005 8606254518 8606261057 8606261244 8606231967 8606160336 8606165798 8606200960 8606110866 8606167002 8606167200 Patch Files: OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/lib/nls/msg/C/printf.cat /usr/bin/printf what(1) Output: OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/lib/nls/msg/C/printf.cat: None OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: /usr/bin/printf: $Revision: 80.1.1.14 $ PATCH_11_00: printf.o 02/08/19 cksum(1) Output: OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: 3087006270 178 /usr/lib/nls/msg/C/printf.cat OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP: 3164929497 28672 /usr/bin/printf Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHCO_20784 PHCO_23919 Equivalent Patches: None Patch Package Size: 50 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_27340 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHCO_27340.depot By default swinstall will archive the original software in /var/adm/sw/save/PHCO_27340. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHCO_27340.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHCO_27340.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_27340.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None