Merge pull request #15 from melloc/fmt-overflow
Protect against overflowing during OFMT/CONVFMT conversions
This commit is contained in:
commit
52ef99e310
|
@ -26,3 +26,9 @@ Instead, it should convert the value to numeric and give that value.
|
||||||
|
|
||||||
8. missing-precision: When using the format string "%*s", the precision
|
8. missing-precision: When using the format string "%*s", the precision
|
||||||
argument was used without checking if it was present first.
|
argument was used without checking if it was present first.
|
||||||
|
|
||||||
|
9. fmt-overflow: The buffer used for OFMT/CONVFMT conversions was written
|
||||||
|
to with sprintf(), which meant that some conversions could write past the
|
||||||
|
end.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
BEGIN { OFMT = "%.1000f"; print 1.25; }
|
|
@ -0,0 +1 @@
|
||||||
|
1.2500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
6
tran.c
6
tran.c
|
@ -395,7 +395,7 @@ Awkfloat getfval(Cell *vp) /* get float val of a Cell */
|
||||||
|
|
||||||
static char *get_str_val(Cell *vp, char **fmt) /* get string val of a Cell */
|
static char *get_str_val(Cell *vp, char **fmt) /* get string val of a Cell */
|
||||||
{
|
{
|
||||||
char s[100]; /* BUG: unchecked */
|
char s[256];
|
||||||
double dtemp;
|
double dtemp;
|
||||||
|
|
||||||
if ((vp->tval & (NUM | STR)) == 0)
|
if ((vp->tval & (NUM | STR)) == 0)
|
||||||
|
@ -434,9 +434,9 @@ static char *get_str_val(Cell *vp, char **fmt) /* get string val of a Cel
|
||||||
if (freeable(vp)) \
|
if (freeable(vp)) \
|
||||||
xfree(vp->sval); \
|
xfree(vp->sval); \
|
||||||
if (modf(vp->fval, &dtemp) == 0) /* it's integral */ \
|
if (modf(vp->fval, &dtemp) == 0) /* it's integral */ \
|
||||||
sprintf(s, "%.30g", vp->fval); \
|
snprintf(s, sizeof (s), "%.30g", vp->fval); \
|
||||||
else \
|
else \
|
||||||
sprintf(s, *fmt, vp->fval); \
|
snprintf(s, sizeof (s), *fmt, vp->fval); \
|
||||||
vp->sval = tostring(s); \
|
vp->sval = tostring(s); \
|
||||||
vp->tval &= ~DONTFREE; \
|
vp->tval &= ~DONTFREE; \
|
||||||
vp->tval |= STR; \
|
vp->tval |= STR; \
|
||||||
|
|
Loading…
Reference in New Issue