jim 2002/12/09 12:21:18
Modified: . CHANGES
strings apr_snprintf.c
Log:
Get rid of somewhat long-standing issue regarding large values
of precision causing a buffer to be clobbered in the vformatter
function (eg: apr_snprintf)
Revision Changes Path
1.363 +4 -0 apr/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apr/CHANGES,v
retrieving revision 1.362
retrieving revision 1.363
diff -u -r1.362 -r1.363
--- CHANGES 30 Nov 2002 16:34:41 -0000 1.362
+++ CHANGES 9 Dec 2002 20:21:18 -0000 1.363
@@ -1,4 +1,8 @@
Changes with APR 0.9.2
+
+ *) Prevent obscenely large values of precision in apr_vformatter
+ from clobbering a buffer. [Sander Striker, Jim Jagielski]
+
*) limit the renames performed in apr_rename.pl to the most recent renames.
[Thom May]
1.31 +10 -8 apr/strings/apr_snprintf.c
Index: apr_snprintf.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_snprintf.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- apr_snprintf.c 27 Aug 2002 02:04:04 -0000 1.30
+++ apr_snprintf.c 9 Dec 2002 20:21:18 -0000 1.31
@@ -321,15 +321,21 @@
* This macro does zero padding so that the precision
* requirement is satisfied. The padding is done by
* adding '0's to the left of the string that is going
- * to be printed.
+ * to be printed. We don't allow precision to be large
+ * enough that we continue past the start of s.
+ *
+ * NOTE: this makes use of the magic info that s is
+ * always based on num_buf with a size of NUM_BUF_SIZE.
*/
#define FIX_PRECISION(adjust, precision, s, s_len) \
- if (adjust) \
- while (s_len < precision) \
+ if (adjust) { \
+ int p = precision < NUM_BUF_SIZE - 1 ? precision : NUM_BUF_SIZE - 1;
\
+ while (s_len < p) \
{ \
*--s = '0'; \
s_len++; \
- }
+ } \
+ }
/*
* Macro that does padding. The padding is done by printing
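Review bot: The clamp in FIX_PRECISION bounds `p` by the size of num_buf rather than by the room actually left in front of `s`, so at the maximum the padding stops with only one byte of headroom. The call sites are outside this hunk, but if any of them prepends more than one character after padding (a sign, or a two-character base prefix), the write would presumably still run past the start of num_buf. The NOTE should state that contract explicitly, e.g. `* Callers may prepend at most one more character to s after this macro.`, or the bound should be lowered to leave room for the longest prefix. Separately, the macro now declares a block-local `int p` and uses `precision` unparenthesized. A less collision-prone name and `(precision)` would be safer, and wrapping the body in `do { ... } while (0)` would keep it usable before an `else`.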
@@ -784,10 +790,6 @@
/*
* Check if a precision was specified
- *
- * XXX: an unreasonable amount of precision may be specified
- * resulting in overflow of num_buf. Currently we
- * ignore this possibility.
*/
if (*fmt == '.') {
adjust_precision = YES;