wrowe 2004/06/28 11:09:09
Modified: strings apr_strings.c
Log:
Avoid any edge case or clib bug that might result in a string
overflow of the fixed 5-byte buffer for our size function.
Returns the '****' string when the buffer would overflow.
Revision Changes Path
1.47 +6 -3 apr/strings/apr_strings.c
Index: apr_strings.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_strings.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- apr_strings.c 4 Jun 2004 23:22:00 -0000 1.46
+++ apr_strings.c 28 Jun 2004 18:09:09 -0000 1.47
@@ -437,7 +437,8 @@
return strcpy(buf, " - ");
}
if (size < 973) {
- sprintf(buf, "%3d ", (int) size);
+ if (apr_snprintf(buf, 5, "%3d ", (int) size) < 0)
+ return strcpy(buf, "****");
return buf;
}
do {
@@ -450,12 +451,14 @@
if (size < 9 || (size == 9 && remain < 973)) {
if ((remain = ((remain * 5) + 256) / 512) >= 10)
++size, remain = 0;
- sprintf(buf, "%d.%d%c", (int) size, remain, *o);
+ if (apr_snprintf(buf, 5, "%d.%d%c", (int) size, remain, *o) < 0)
+ return strcpy(buf, "****");
return buf;
}
if (remain >= 512)
++size;
- sprintf(buf, "%3d%c", (int) size, *o);
+ if (apr_snprintf(buf, 5, "%3d%c", (int) size, *o) < 0)
+ return strcpy(buf, "****");
return buf;
} while (1);
}
