Variable argument list bug in Visual C++ 2005 library

Today, I found a bug in a Visual C++ 2005 standard library related to variable argument list. The problem is that va_arg() doesn’t return correct value.

#include "stdafx.h"
#include <stdarg.h>

void var_tester( char *aString, ... )
{
    int num_arg = 1;
    va_list argument_ptr;
    int aVal;

    va_start( argument_ptr, aString );

    while( (aVal = va_arg( argument_ptr, int )) != NULL )
    {
        num_arg++;
        printf("%d st arg = %X\n", num_arg, aVal );
    }

    va_end( argument_ptr );
}

int _tmain(int argc, _TCHAR* argv[])
{
    var_tester( "Hmm..", 1, 2, 3 );
    printf("\n");
    var_tester( "Hmm..", 1, 2, 3, 4 );

    printf("\n");
    var_tester( "Hmm..", 1, 3 );

    printf("\n");
    var_tester( "Hmm..", 1, 2, 3, 4, 5 );

	return 0;
}

If the code is debugged, it works correctly. But if it is launched without debugging, it doesn’t.

Here are the screenshot.
Correct!

And.. here is the wrong one.
Wrong!

Update : han9kin left a comment which said that this was not a bug. Unix man page explains about it more well. However, I would like to put MSDN explanation here.

“va_arg retrieves a value of type from the location given by arg_ptr and increments arg_ptr to point to the next argument in the list, using the size of type to determine where the next argument starts. va_arg can be used any number of times within the function to retrieve arguments from the list.”

In a code sample following it, they passes -1 as the last parameter, and they check if -1 is retrieved ,and if so they exist the va_arg() loop.

And this hot fix, FIX: The va_arg function returns an incorrect value in a Visual C++ 2005 application , doesn’t explain what it fixes specifically.
Can anyone tell me what “the va_arg function returns an incorrect value” means?

Anyway, in the 1st sample at this site, checks it against NULL. And a sample in this site , uses a number of parameters as its 1st parameter.

Additionally, this site explains interesting topic about variable parameters.

2 responses to this post.

  1. Posted by han9kin on May 22, 2008 at 11:12 PM

    제가 알기로는 va_arg()가 인자가 끝이 났거나 인자 타입에 대한 검사를 하지 않기 때문에 끝이거나 타입이 다른 경우 예측할 수 없는 결과가 나오는 걸로 알고 있습니다.
    이게 스택을 따라 올라가는 것 뿐이라고요.

    아마 디버그모드에서 NULL이 리턴된 것도 디버그모드에서 스택의 모양이 그렇게 나온 것 같은데요.

    즉, VC의 버그가 아니라는 거죠.

    리눅스의 맨페이지에도 그렇게 적혀있습니다. (man stdarg)

    Reply

  2. Posted by jongampark on May 23, 2008 at 8:05 AM

    Hello, han9kin. Thank you for leaving comment!
    Yeah.. when I went back home, I checked Unix man page and it explains about return value of va_arg as you described. On the other hand, MSDN doesn’t explain it well.
    Let me revise my post.
    Thank you again.

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: