Date: Tue, 19 Dec 2000 14:58:06 +0000
From: Ben Smithurst <ben@FreeBSD.org>
To: audit@FreeBSD.org
Subject: Re: printf(1) broken for some long format strings
Message-ID: <20001219145806.F78749@strontium.scientia.demon.co.uk>
In-Reply-To: <20001219143506.C78749@strontium.scientia.demon.co.uk>
References: <20001219143506.C78749@strontium.scientia.demon.co.uk>
> [previously posted to -developers; posted to -audit too at Will Andrews'
> suggestion.]
I've made some changes based on some comments from bde... I think this
addresses all of the points he made.
(I don't read -audit so please remember to CC any comments to me,
thanks.)
Index: printf.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/printf/printf.c,v
retrieving revision 1.15
diff -u -r1.15 printf.c
--- printf.c 2000/09/04 06:11:25 1.15
+++ printf.c 2000/12/19 14:53:31
@@ -60,6 +60,7 @@
#ifdef SHELL
#define main printfcmd
#include "bltin/bltin.h"
+#include "memalloc.h"
#else
#define warnx1(a, b, c) warnx(a)
#define warnx2(a, b, c) warnx(a, b)
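Review bot: the added `#include "memalloc.h"` sits only on the SHELL side of the #ifdef, which covers ckrealloc, but the #else side now depends on reallocf and nothing in this hunk shows <stdlib.h> being included for it. Worth confirming that the non-SHELL build sees a proper prototype, since an implicitly declared reallocf would be taken to return int and the pointer could be truncated on platforms where pointers are wider than int.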
@@ -247,12 +248,25 @@
char *str;
int ch;
{
- static char copy[64];
- int len;
+ static char *copy;
+ static size_t copy_size;
+ size_t len;
len = strlen(str) + 2;
- if (len > sizeof copy)
- return NULL;
+ if (len > copy_size) {
+#ifdef SHELL
+ char *newcopy;
+ if ((newcopy = ckrealloc(copy, len)) == NULL)
+ return (NULL);
+ copy = newcopy;
+#else
+ if ((copy = reallocf(copy, len)) == NULL) {
+ copy_size = 0;
+ return (NULL);
+ }
+#endif
+ copy_size = len;
+ }
memmove(copy, str, len - 3);
copy[len - 3] = 'q';
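Review bot: missing lower-bound check on `len` ahead of the trailing `memmove(copy, str, len - 3);` and `copy[len - 3] = 'q';`. With `len` now a size_t, an empty `str` gives len == 2 and `len - 3` wraps to a huge value, so the memmove length and the store index both land far outside the buffer. The old `int len` was no safer (the -1 was converted to size_t inside memmove anyway), but since the 64-byte cap is gone and this function now accepts arbitrary input lengths, an explicit `if (len < 3) return (NULL);` before the size comparison, or a comment stating that callers always pass at least one character, would make the invariant visible. Separately, because `copy` is static and can now be moved by the realloc, any pointer handed back by an earlier call is dangling after a later call with a longer string; a one-line comment above the declarations saying the result is only valid until the next call would help future callers. Resetting `copy_size = 0` on the reallocf failure path is right, since reallocf frees the old block.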
--
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D
