diff options
author | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2004-06-28 18:09:09 +0000 |
---|---|---|
committer | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2004-06-28 18:09:09 +0000 |
commit | ccedabb5e2841aa5b565cef5df701fabed42c34b (patch) | |
tree | ef79e16b3d260346837afc27f013da01efbd85bf /strings | |
parent | 19d2f800f5ce867b734d7061c37eb2e656643ce4 (diff) | |
download | libapr-ccedabb5e2841aa5b565cef5df701fabed42c34b.tar.gz |
Avoid any edge case or clib bug that might result in a string
overflow of the fixed 5-byte buffer for our size function.
Returns the '****' string when the buffer would overflow.
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@65226 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'strings')
-rw-r--r-- | strings/apr_strings.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/strings/apr_strings.c b/strings/apr_strings.c index ddf43ba10..23531022e 100644 --- a/strings/apr_strings.c +++ b/strings/apr_strings.c @@ -437,7 +437,8 @@ APR_DECLARE(char *) apr_strfsize(apr_off_t size, char *buf) return strcpy(buf, " - "); } if (size < 973) { - sprintf(buf, "%3d ", (int) size); + if (apr_snprintf(buf, 5, "%3d ", (int) size) < 0) + return strcpy(buf, "****"); return buf; } do { @@ -450,12 +451,14 @@ APR_DECLARE(char *) apr_strfsize(apr_off_t size, char *buf) if (size < 9 || (size == 9 && remain < 973)) { if ((remain = ((remain * 5) + 256) / 512) >= 10) ++size, remain = 0; - sprintf(buf, "%d.%d%c", (int) size, remain, *o); + if (apr_snprintf(buf, 5, "%d.%d%c", (int) size, remain, *o) < 0) + return strcpy(buf, "****"); return buf; } if (remain >= 512) ++size; - sprintf(buf, "%3d%c", (int) size, *o); + if (apr_snprintf(buf, 5, "%3d%c", (int) size, *o) < 0) + return strcpy(buf, "****"); return buf; } while (1); } |