Call __fortify_fatal if printf sees %n.

We've ignored %n for a long time, but that's dangerous too because it
makes it unclear whether the corresponding pointer argument should be
supplied or not.

Remove the ambiguity by just rejecting %n outright.

Bug: http://b/31832608
Test: ran tests
Change-Id: Ic046ad3436a30c6f8f580ea738bdcaeb01c858f8
diff --git a/tests/stdio_test.cpp b/tests/stdio_test.cpp
index c1a51a8..33514d4 100644
--- a/tests/stdio_test.cpp
+++ b/tests/stdio_test.cpp
@@ -335,12 +335,10 @@
 
 TEST(STDIO_TEST, snprintf_n) {
 #if defined(__BIONIC__)
-  // http://b/14492135
+  // http://b/14492135 and http://b/31832608.
   char buf[32];
   int i = 1234;
-  EXPECT_EQ(5, snprintf(buf, sizeof(buf), "a %n b", &i));
-  EXPECT_EQ(1234, i);
-  EXPECT_STREQ("a n b", buf);
+  EXPECT_DEATH(snprintf(buf, sizeof(buf), "a %n b", &i), "%n not allowed on Android");
 #else
   GTEST_LOG_(INFO) << "This test does nothing on glibc.\n";
 #endif
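Review bot: The new `EXPECT_DEATH` on the `snprintf` line sits in a plain `TEST(STDIO_TEST, snprintf_n)`, while googletest recommends placing death tests in a suite whose name ends in `DeathTest` so they run before other tests have started threads. What `STDIO_TEST` expands to is not visible in this hunk, so either confirm that it already follows the convention or move this case into a `*DeathTest` suite. The assertion also covers only the narrow `snprintf` path; if the wide-character formatter has its own `%n` handling (not shown here), a matching `swprintf` death test would pin the rejection there as well. The bare bug links could carry the reason, e.g. `// %n is fatal on bionic: ignoring it left it unclear whether the pointer argument is consumed.` The test body's closing brace lies outside the hunk.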