quote: don't use sprintf()

There is no point in using sprintf(), and it adds the possibility of
either bugs due to the output not matching what the byte count loop is
expecting, or just cause people to freak out due to the notion that
"sprinf is unsafe".

Reported-by: Ed Beroset <beroset@mindspring.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>

1 files changed, 17 insertions, 7 deletions

diff --git a/quote.c b/quote.c
index 3aca4403..5381d043 100644
--- a/quote.c
+++ b/quote.c
@@ -85,12 +85,15 @@ char *nasm_quote(char *str, size_t len)
 		    break;
 		default:
 		    c1 = (p+1 < ep) ? p[1] : 0;
-		    if (c > 077 || (c1 >= '0' && c1 <= '7'))
-			qlen += 4; /* Must use the full form */
-		    else if (c > 07)
-			qlen += 3;
+		    if (c1 >= '0' && c1 <= '7')
+			c1 = 0377; /* Must use the full form */
 		    else
-			qlen += 2;
+			c1 = c;
+		    if (c1 > 077)
+			qlen++;
+		    if (c1 > 07)
+			qlen++;
+		    qlen += 2;
 		    break;
 		}
 	    } else {
@@ -155,9 +158,16 @@ char *nasm_quote(char *str, size_t len)
 		if (c < ' ' || c > '~') {
 		    c1 = (p+1 < ep) ? p[1] : 0;
 		    if (c1 >= '0' && c1 <= '7')
-			q += sprintf(q, "\\%03o", (unsigned char)c);
+			c1 = 0377; /* Must use the full form */
 		    else
-			q += sprintf(q, "\\%o", (unsigned char)c);
+			c1 = c;
+		    *q++ = '\\';
+		    if (c1 > 077)
+			*q++ = (c >> 6) + '0';
+		    if (c1 > 07)
+			*q++ = ((c >> 3) & 7) + '0';
+		    *q++ = (c & 7) + '0';
+		    break;
 		} else {
 		    *q++ = c;
 		}