Date: Tue, 19 Dec 2000 14:58:06 +0000
From: Ben Smithurst <ben@FreeBSD.org>
To: audit@FreeBSD.org
Subject: Re: printf(1) broken for some long format strings
Message-ID: <20001219145806.F78749@strontium.scientia.demon.co.uk>
In-Reply-To: <20001219143506.C78749@strontium.scientia.demon.co.uk>
References: <20001219143506.C78749@strontium.scientia.demon.co.uk>
> [previously posted to -developers; posted to -audit too at Will Andrews' > suggestion.] I've made some changes based on some comments from bde... I think this addresses all of the points he made. (I don't read -audit so please remember to CC any comments to me, thanks.) Index: printf.c =================================================================== RCS file: /usr/cvs/src/usr.bin/printf/printf.c,v retrieving revision 1.15 diff -u -r1.15 printf.c --- printf.c 2000/09/04 06:11:25 1.15 +++ printf.c 2000/12/19 14:53:31 @@ -60,6 +60,7 @@ #ifdef SHELL #define main printfcmd #include "bltin/bltin.h" +#include "memalloc.h" #else #define warnx1(a, b, c) warnx(a) #define warnx2(a, b, c) warnx(a, b) @@ -247,12 +248,25 @@ char *str; int ch; { - static char copy[64]; - int len; + static char *copy; + static size_t copy_size; + size_t len; len = strlen(str) + 2; - if (len > sizeof copy) - return NULL; + if (len > copy_size) { +#ifdef SHELL + char *newcopy; + if ((newcopy = ckrealloc(copy, len)) == NULL) + return (NULL); + copy = newcopy; +#else + if ((copy = reallocf(copy, len)) == NULL) { + copy_size = 0; + return (NULL); + } +#endif + copy_size = len; + } memmove(copy, str, len - 3); copy[len - 3] = 'q'; -- Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
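Review bot: In the second hunk (@@ -247,12 +248,25 @@), changing `len` from `int` to `size_t` leaves `len - 3` unsigned in the unchanged context lines `memmove(copy, str, len - 3);` and `copy[len - 3] = 'q';`, so an empty `str` (len == 2) wraps to a huge count and index instead of being caught. Either reject a zero-length `str` before computing `len`, or add a comment stating that callers always pass at least the conversion character. It would also help to note in a comment why only the `reallocf` branch resets `copy_size` to 0: `reallocf` frees the old buffer on failure, while the SHELL branch keeps `copy` valid through `newcopy`, so the asymmetry is intentional but not obvious to the next reader.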