Date: Mon, 27 Jan 1997 04:32:32 +1100 From: Bruce Evans <bde@zeta.org.au> To: current@freebsd.org Cc: steve@freebsd.org Subject: sh expression printing bug Message-ID: <199701261732.EAA03702@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
/bin/sh prints the wrong value for `echo $((1 << 30))'. This is because expari() only provides a 10-character buffer for printing the result of an integer expression. 12 characters are required even on 32-bit machines (10 digits, one sign and one nul). The length it checked, so there is no buffer overflow bug - the output is just truncated. I made the following quick fix for the 32-bit case. I don't know exactly why the CHECKSTRSPACE() arg is 2 less than the size required. Bruce diff -c2 expand.c~ expand.c *** expand.c~ Tue Jan 14 22:19:21 1997 --- expand.c Sun Jan 26 03:36:20 1997 *************** *** 336,340 **** * characters have to be processed left to right. */ ! CHECKSTRSPACE(8, expdest); USTPUTC('\0', expdest); start = stackblock(); --- 336,343 ---- * characters have to be processed left to right. */ ! #if INT_MAX / 1000000000 >= 10 || INT_MIN / 1000000000 <= -10 ! #error "integers with more than 10 digits are not supported" ! #endif ! CHECKSTRSPACE(12 - 2, expdest); USTPUTC('\0', expdest); start = stackblock(); *************** *** 351,355 **** rmescapes(p+1); result = arith(p+1); ! fmtstr(p, 10, "%d", result); while (*p++) ; --- 354,358 ---- rmescapes(p+1); result = arith(p+1); ! fmtstr(p, 12, "%d", result); while (*p++) ;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701261732.EAA03702>