On 19.03.2009 14:34, [email protected] wrote:
> Author: stuge
> New Revision: 1159
>
> v3 vtxprintf(): Stop looking for non-ASCII characters after one has been
> found.
>
> And update the string length. Many thanks to Mathias Krause for spotting this!
>
> Signed-off-by: Peter Stuge <[email protected]>
> Acked-by: Peter Stuge <[email protected]>
>
>
> Modified: coreboot-v3/lib/vtxprintf.c
> ===================================================================
> --- coreboot-v3/lib/vtxprintf.c 2009-03-19 12:53:57 UTC (rev 1158)
> +++ coreboot-v3/lib/vtxprintf.c 2009-03-19 13:34:53 UTC (rev 1159)
> @@ -202,8 +202,11 @@
> len = strnlen(s, precision);
>
> for (i = 0; i < len; ++i)
> - if (!isprint(*s[i]))
> + if (!isprint(*s[i])) {
> s = "<non-ASCII characters>";
> + len = strlen(s);
>
Shouldn't that be
len = strnlen(s, precision);
to avoid overflowing any buffers?
Sure, the message may be truncated due to that, but I prefer truncation
to buffer overflows.
> + break;
> + }
> if (!(flags & LEFT))
> while (len < field_width--)
> tx_byte(' ', arg), count++;
>
Reminds me of the old saying: "Fixing one bug creates another." No
offense intended.
I hope that we get enough GSoC slots to find someone for the code
checker project.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
--
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
