On 2015-06-10 19:13, Richard Hansen wrote: > --- > lib/util/stringutils.c | 9 +++++++-- > lib/util/stringutils.h | 10 ++++++---- > 2 files changed, 13 insertions(+), 6 deletions(-) > > diff --git a/lib/util/stringutils.c b/lib/util/stringutils.c > index f9b29f1..642ff68 100644 > --- a/lib/util/stringutils.c > +++ b/lib/util/stringutils.c > @@ -305,6 +305,7 @@ char *scrub_for_print( > { > size_t i; > size_t used = 0; > + size_t len_out = 0; > > dst[0] = '\0'; > > @@ -326,11 +327,15 @@ char *scrub_for_print( > fmt = "\\%c"; > } > > - used += snprintf(&dst[used], dst_sz - used, fmt, src[i]); > + int ret = snprintf(&dst[used], dst_sz - used, fmt, src[i]); > + len_out += ret; > + used += ((size_t)ret > (dst_sz - used)) ? (dst_sz - used) : > (size_t)ret;
If I remember correctly, it was originally intended for there to be a loop invariant that used==strlen(dst). This change breaks that (unstated) invariant, but still works correctly as far as I can tell. So I think your change is fine. > } > > if (dst_len_out) > - *dst_len_out = used; > + { > + *dst_len_out = len_out; > + } > > return dst; > } > diff --git a/lib/util/stringutils.h b/lib/util/stringutils.h > index 5dbf4ff..154b54f 100644 > --- a/lib/util/stringutils.h > +++ b/lib/util/stringutils.h > @@ -141,6 +141,7 @@ int expand_by_doubling( > * @brief Replace questionable chars from string for printing. > * > * @note Caller handles memory for dst. > + * @note Output might be truncated, compared to input. > * @note dst will be null terminated, at or before index dst_sz-1. > * > * @param[out] dst 
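Review bot: The new `int ret = snprintf(&dst[used], dst_sz - used, fmt, src[i]);` is consumed without checking for a negative return, and both following lines misbehave on one: `len_out += ret` converts the negative value to `size_t` and wraps, and `(size_t)ret > (dst_sz - used)` becomes true, so `used` jumps to `dst_sz` and `*dst_len_out` ends up meaningless while the caller's `>= dst_sz` test can report a truncation that never happened. A failure is unlikely with the `"%c"`-style formats visible here, but the guard is cheap and keeps the documented contract honest: `if (ret < 0) { break; } /* encoding failure: dst is already NUL-terminated */`, or whatever error signal the function's callers can consume, since the loop currently has no error path at all. The start of scrub_for_print (the loop header and the other `fmt` selections) lies outside this hunk, so I cannot tell whether an earlier branch already rules this out.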
> @@ -149,12 +150,13 @@ int expand_by_doubling( > * @param[in] src > * The input string to escape. This must not be NULL. > * @param[in] dst_sz > - * Size of the buffer at @p dst. The buffer must be big enough > to > - * hold the entire escaped string, including the nul terminator. > + * Size of the buffer at @p dst. This must not be 0. > * @param[out] dst_len_out > * On return, the value at this location will be set to the > length > - * of the escaped string (excluding the nul terminator). This > - * parameter may be NULL. > + * of the escaped string (excluding the nul terminator), had @p > + * dst_sz been big enough. If this value is greater than or > equal > + * to @p dst_sz, then the output was truncated. This parameter > + * may be NULL. > * @param[in] other_chars_to_escape > * nul-terminated array of additional characters to escape with > a > * backslash. This may be NULL. -- David Eric Mandelberg / dseomn http://david.mandelberg.org/ ------------------------------------------------------------------------------ _______________________________________________ rpstir-devel mailing list rpstir-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rpstir-devel
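Review bot: The rewritten `dst_len_out` paragraph tells the caller how to detect truncation but not what a truncated `dst` contains, and that matters because the .c change emits each input character with one `snprintf` of `fmt`, which in the visible branch is `"\\%c"`: the cut can fall between the backslash and the escaped character, so `dst` may end in a lone backslash that a consumer parsing the escaped form would misread. Suggest adding after the truncation sentence: ` * When truncated, @p dst holds a prefix of the escaped string and may end in an incomplete (backslash-only) escape sequence.` Whether other `fmt` values (outside the hunk) produce longer sequences I cannot tell from here, so the wording is kept to what the diff shows.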