authorTodd C. Miller <millert@cvs.openbsd.org>2001-07-27 17:24:21 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2001-07-27 17:24:21 +0000
commiteea87f149871d5b3020862c6c8cc276e297a4d06 (patch)
tree69d8ead6bcee6879ef9c66480d62924400ce11be
parent770922a0133a029d1c62af1dbcf29769abfc74ad (diff)
Use snprintf to avoid potential overflows; zen-parse@gmx.net
-rw-r--r--gnu/usr.bin/groff/pic/pic.y31
1 files changed, 9 insertions, 22 deletions
diff --git a/gnu/usr.bin/groff/pic/pic.y b/gnu/usr.bin/groff/pic/pic.y
index 6c7f4ae0b5a..4d5a35440d3 100644
--- a/gnu/usr.bin/groff/pic/pic.y
+++ b/gnu/usr.bin/groff/pic/pic.y
@@ -30,11 +30,14 @@ extern void do_for(char *var, double from, double to,
int by_is_multiplicative, double by, char *body);
extern void do_lookahead();
-#undef fmod
-#undef rand
-
+#ifndef HAVE_FMOD
extern "C" {
double fmod(double, double);
+}
+#endif
+
+#undef rand
+extern "C" {
int rand();
}
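Review bot: The fmod/rand declaration change in this hunk is unrelated to the snprintf fix named in the commit message, which makes the security fix harder to audit and backport on its own; it would sit better in a separate commit. The `#undef fmod` is also dropped, so in the `#ifndef HAVE_FMOD` branch the declaration `double fmod(double, double);` would be macro-expanded if an included header defines fmod as a macro. The headers included above this hunk are not visible here, so that is worth confirming. A one-line comment such as `// HAVE_FMOD is set by the build configuration when libm provides fmod` would also say where the guard comes from.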
@@ -1733,23 +1736,7 @@ char *format_number(const char *form, double n)
{
if (form == 0)
form = "%g";
- else {
- // this is a fairly feeble attempt at validation of the format
- int nspecs = 0;
- for (const char *p = form; *p != '\0'; p++)
- if (*p == '%') {
- if (p[1] == '%')
- p++;
- else
- nspecs++;
- }
- if (nspecs > 1) {
- lex_error("bad format `%1'", form);
- return strsave(form);
- }
- }
- sprintf(sprintf_buf, form, n);
- return strsave(sprintf_buf);
+ return do_sprintf(form, &n, 1);
}
char *do_sprintf(const char *form, const double *v, int nv)
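Review bot: With the spec-counting check removed, `format_number` relies entirely on `do_sprintf` to reject a bad `form`, and the only validation visible in this diff is the `i >= nv` test in the later hunk. If `form` can originate from the pic input, confirm that do_sprintf accepts only floating-point conversions and rejects anything else (for example `%s` or `%n`) before the string reaches snprintf, since those would read or write through arguments that were never passed. A comment on the new line would record the dependency, e.g. `// do_sprintf validates form against nv and bounds the output`. do_sprintf's body starts after this hunk, so its conversion checks cannot be verified from here.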
@@ -1771,7 +1758,7 @@ char *do_sprintf(const char *form, const double *v, int nv)
if (*form == '%') {
one_format += *form++;
one_format += '\0';
- sprintf(sprintf_buf, one_format.contents());
+ snprintf(sprintf_buf, sizeof(sprintf_buf), one_format.contents());
}
else {
if (i >= nv) {
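Review bot: Both new snprintf calls (this one and the `v[i++]` call in the next hunk) discard the return value, so a format whose output exceeds the buffer is now silently truncated and appended to `result` instead of being reported. Capture the length and flag truncation, e.g. `int len = snprintf(sprintf_buf, sizeof(sprintf_buf), one_format.contents(), v[i++]);` followed by `if (len < 0 || (size_t)len >= sizeof(sprintf_buf)) lex_error("formatted number too long");`. Also, `sizeof(sprintf_buf)` bounds the write only if sprintf_buf is declared as an array rather than a pointer; its declaration is outside this diff and should be checked. The loop that contains these calls begins and ends outside the hunks.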
@@ -1782,7 +1769,7 @@ char *do_sprintf(const char *form, const double *v, int nv)
}
one_format += *form++;
one_format += '\0';
- sprintf(sprintf_buf, one_format.contents(), v[i++]);
+ snprintf(sprintf_buf, sizeof(sprintf_buf), one_format.contents(), v[i++]);
}
one_format.clear();
result += sprintf_buf;