wrowe 2004/06/28 11:09:16
Modified: strings Tag: APR_0_9_BRANCH apr_strings.c
Log:
Avoid any edge case or clib bug that might result in a string
overflow of the fixed 5-byte buffer for our size function.
Returns the '****' string when the buffer would overflow.
Backport of rev 1.47
Reviewed by: trawick
Revision Changes Path
No revision
No revision
1.42.2.3 +6 -3 apr/strings/apr_strings.c
Index: apr_strings.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_strings.c,v
retrieving revision 1.42.2.2
retrieving revision 1.42.2.3
diff -u -r1.42.2.2 -r1.42.2.3
--- apr_strings.c 4 Apr 2004 15:21:08 -0000 1.42.2.2
+++ apr_strings.c 28 Jun 2004 18:09:16 -0000 1.42.2.3
@@ -429,7 +429,8 @@
return strcpy(buf, " - ");
}
if (size < 973) {
- sprintf(buf, "%3d ", (int) size);
+ if (apr_snprintf(buf, 5, "%3d ", (int) size) < 0)
+ return strcpy(buf, "****");
return buf;
}
do {
@@ -442,12 +443,14 @@
if (size < 9 || (size == 9 && remain < 973)) {
if ((remain = ((remain * 5) + 256) / 512) >= 10)
++size, remain = 0;
- sprintf(buf, "%d.%d%c", (int) size, remain, *o);
+ if (apr_snprintf(buf, 5, "%d.%d%c", (int) size, remain, *o) < 0)
+ return strcpy(buf, "****");
return buf;
}
if (remain >= 512)
++size;
- sprintf(buf, "%3d%c", (int) size, *o);
+ if (apr_snprintf(buf, 5, "%3d%c", (int) size, *o) < 0)
+ return strcpy(buf, "****");
return buf;
} while (1);
}
