BufferedVaList::index may read out of bounds
index which retrieves the value of a
va_arg at a specified index and assumes all values between the current location and the given index are of the type
Given the following havoc will ensue on
aarch64 (when not on windows... because microsoft
printf("int: %*6$d double: %lf %lf %lf %lf\n", 5, 0.1, 0.2, 0.3, 0.4, 10);
In order to properly fix this we'll need to iterate over the format string once to find the types of each value contained in the list and then actually iterate over the list.
printf is hard
There are some cases, like the following, that we have no way of figuring out:
printf("int: %*6$d no info on middle types\n", 5, 0.1, 0.2, 0.3, 0.4, 10);
We have no type information on the middle chunk, so the best we can do is guess. It looks like glibc assumes that the middle chunk is an int, so that seems reasonable.
There may be cases where the programmer gives us mixed types. E.g.
printf("%1$d %1$lf", 5, 0.1);
// or
printf("%1$d %lf\n", 5, 0.2);
glibc seems to go with the last type declared.
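A sketch of the first pass described above, added here as an example and not taken from the project's code: it walks the format string once and builds a per-slot type table, guessing int for slots nothing mentions and letting the last declaration win. `ArgType`, `arg_types`, `position`, `put` and `MAX_ARGS` are hypothetical names; it assumes non-positional directives consume their own sequential counter, and it folds the conversions into four type classes (long double is not modelled).

```rust
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum ArgType { Int, Long, Double, Ptr }
use self::ArgType::*;
const MAX_ARGS: usize = 64; // assumed cap so "%4000000000$d" cannot force a huge table
// Parse "<digits>$" at *i; advance past it on success, otherwise leave *i untouched.
fn position(b: &[u8], i: &mut usize) -> Option<usize> {
    let end = *i + b[*i..].iter().take_while(|c| c.is_ascii_digit()).count();
    let n: usize = std::str::from_utf8(&b[*i..end]).ok()?.parse().ok()?;
    if b.get(end) != Some(&b'$') || n == 0 || n > MAX_ARGS { return None; }
    *i = end + 1;
    Some(n)
}

// Record a type for 1-based slot `pos`, or for the next sequential slot if `pos` is None.
fn put(slots: &mut Vec<Option<ArgType>>, next: &mut usize, pos: Option<usize>, ty: ArgType) {
    let idx = pos.map(|n| n - 1).unwrap_or_else(|| { *next += 1; *next - 1 });
    if slots.len() <= idx { slots.resize(idx + 1, None); }
    slots[idx] = Some(ty); // a later declaration overwrites an earlier one
}

/// Pass 1: the type of every argument slot, taken from the format string alone.
pub fn arg_types(b: &[u8]) -> Vec<ArgType> {
    let (mut slots, mut next, mut i) = (Vec::new(), 0usize, 0usize);
    while i < b.len() {
        i += 1;
        if b[i - 1] != b'%' { continue; }
        let value_pos = position(b, &mut i);
        while i < b.len() && b"-+ #0'".contains(&b[i]) { i += 1; } // flags
        loop { // width, then any ".precision": digits, `*` or `*n$`
            if b.get(i) == Some(&b'*') {
                i += 1;
                put(&mut slots, &mut next, position(b, &mut i), Int);
            }
            while i < b.len() && b[i].is_ascii_digit() { i += 1; }
            if b.get(i) == Some(&b'.') { i += 1 } else { break }
        }
        let mut long = false; // any of l, ll, j, z, t widens an integer conversion
        while i < b.len() && b"hljzt".contains(&b[i]) { long |= b[i] != b'h'; i += 1; }
        let ty = match b.get(i).copied() {
            Some(c) if b"diuoxXc".contains(&c) => if long && c != b'c' { Long } else { Int },
            Some(c) if b"fFeEgGaA".contains(&c) => Double,
            Some(b's' | b'p' | b'n') => Ptr,
            _ => { i += 1; continue } // "%%", unknown or truncated: record nothing
        };
        i += 1;
        put(&mut slots, &mut next, value_pos, ty);
    }
    slots.into_iter().map(|s| s.unwrap_or(Int)).collect() // untyped gaps: guess int
}
```

With this table in hand, the second pass can pull each slot from the list with its recorded type instead of assuming one type for everything before the requested index.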