https://issues.apache.org/bugzilla/show_bug.cgi?id=55696
--- Comment #13 from Rainer Jung <rainer.j...@kippdata.de> --- A more minimalistic patch would be (untested yet): Index: common/jk_map.c =================================================================== --- common/jk_map.c (revision 1583423) +++ common/jk_map.c (working copy) @@ -206,7 +206,6 @@ const char *rc; size_t len; int int_res; - int multit = 1; sprintf(buf, "%d", def); rc = jk_map_get_string(m, name, buf); @@ -213,22 +212,21 @@ len = strlen(rc); if (len) { - char *lastchar = &buf[0] + len - 1; - strcpy(buf, rc); + const char *lastchar = &rc[0] + len - 1; + int multit = 1; if ('m' == *lastchar || 'M' == *lastchar) { - *lastchar = '\0'; multit = 1024 * 1024; } else if ('k' == *lastchar || 'K' == *lastchar) { - *lastchar = '\0'; multit = 1024; } - int_res = atoi(buf); + /* Safe because atoi() will stop at any non-numeric lastchar */ + int_res = atoi(rc) * multit; } else int_res = def; - return int_res * multit; + return int_res; } double jk_map_get_double(jk_map_t *m, const char *name, double def) The only reason for using a copy of rc seems to be that we terminate the string after the number in case there was a scaling character ("k" or "M" etc.). But atoi should stop converting to a number when detecting such a character anyhow, so we don't nee to overwrite it with a zero byte and thus can operate on the original rc. No string copy, no overlap. Moving the use of multit completely to the non-default value block because it is a bit misleading to multiply in the default case (factor was "1" there). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org