From 6c55927ba0b4a30aa5f20fc03b3312f8670cf6f8 Mon Sep 17 00:00:00 2001
From: jim
Date: Mon, 9 Dec 2002 20:21:18 +0000
Subject: Get rid of somewhat long-standing issue regarding large values of precision causing a buffer to be clobbered in the vformatter function (eg: apr_snprintf)

PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@64132 13f79535-47bb-0310-9956-ffa450edef68
---
 strings/apr_snprintf.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
(limited to 'strings')
diff --git a/strings/apr_snprintf.c b/strings/apr_snprintf.c
index b282f246b..aac28bfc6 100644
--- a/strings/apr_snprintf.c
+++ b/strings/apr_snprintf.c
@@ -321,15 +321,21 @@ static char *apr_gcvt(double number, int ndigit, char *buf, boolean_e altform)
 * This macro does zero padding so that the precision
 * requirement is satisfied. The padding is done by
 * adding '0's to the left of the string that is going
- * to be printed.
+ * to be printed. We don't allow precision to be large
+ * enough that we continue past the start of s.
+ *
+ * NOTE: this makes use of the magic info that s is
+ * always based on num_buf with a size of NUM_BUF_SIZE.
 */
 #define FIX_PRECISION(adjust, precision, s, s_len) \
- if (adjust) \
- while (s_len < precision) \
+ if (adjust) { \
+ int p = precision < NUM_BUF_SIZE - 1 ? precision : NUM_BUF_SIZE - 1; \
+ while (s_len < p) \
 { \
 *--s = '0'; \
 s_len++; \
- }
+ } \
+ }

 /*
 * Macro that does padding. The padding is done by printing
@@ -784,10 +790,6 @@ APR_DECLARE(int) apr_vformatter(int (*flush_func)(apr_vformatter_buff_t *),

 /*
 * Check if a precision was specified
- *
- * XXX: an unreasonable amount of precision may be specified
- * resulting in overflow of num_buf. Currently we
- * ignore this possibility.
 */
 if (*fmt == '.') {
 adjust_precision = YES;
--
cgit v1.2.1
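Review bot: The clamp to `NUM_BUF_SIZE - 1` in FIX_PRECISION is only safe if the digits in `s` end at the end of `num_buf` and no call site prepends more than one character after padding; the macro checks neither, and the call sites are outside this hunk, so any sign or radix prefix written with `*--s` after a maximal pad should be confirmed to stay inside the buffer. The types of `precision` and `s_len` are not visible here either: if `s_len` is unsigned and `precision` can be negative, `s_len < p` is evaluated after conversion and the bound no longer holds. I would parenthesise the argument, `int p = (precision) < NUM_BUF_SIZE - 1 ? (precision) : NUM_BUF_SIZE - 1;`, wrap the body in `do { ... } while (0)` so the expansion stays a single statement in front of an `else`, and extend the comment to say that larger precisions are silently truncated and how many bytes of headroom callers may still use.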