diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2001-07-27 17:24:21 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2001-07-27 17:24:21 +0000 |
| commit | eea87f149871d5b3020862c6c8cc276e297a4d06 (patch) | |
| tree | 69d8ead6bcee6879ef9c66480d62924400ce11be /gnu | |
| parent | 770922a0133a029d1c62af1dbcf29769abfc74ad (diff) | |
Use snprintf to avoid potential overflows; zen-parse@gmx.net
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/usr.bin/groff/pic/pic.y | 31 |
1 files changed, 9 insertions, 22 deletions
diff --git a/gnu/usr.bin/groff/pic/pic.y b/gnu/usr.bin/groff/pic/pic.y index 6c7f4ae0b5a..4d5a35440d3 100644 --- a/gnu/usr.bin/groff/pic/pic.y +++ b/gnu/usr.bin/groff/pic/pic.y @@ -30,11 +30,14 @@ extern void do_for(char *var, double from, double to, int by_is_multiplicative, double by, char *body); extern void do_lookahead(); -#undef fmod -#undef rand - +#ifndef HAVE_FMOD extern "C" { double fmod(double, double); +} +#endif + +#undef rand +extern "C" { int rand(); } @@ -1733,23 +1736,7 @@ char *format_number(const char *form, double n) { if (form == 0) form = "%g"; - else { - // this is a fairly feeble attempt at validation of the format - int nspecs = 0; - for (const char *p = form; *p != '\0'; p++) - if (*p == '%') { - if (p[1] == '%') - p++; - else - nspecs++; - } - if (nspecs > 1) { - lex_error("bad format `%1'", form); - return strsave(form); - } - } - sprintf(sprintf_buf, form, n); - return strsave(sprintf_buf); + return do_sprintf(form, &n, 1); } char *do_sprintf(const char *form, const double *v, int nv) @@ -1771,7 +1758,7 @@ char *do_sprintf(const char *form, const double *v, int nv) if (*form == '%') { one_format += *form++; one_format += '\0'; - sprintf(sprintf_buf, one_format.contents()); + snprintf(sprintf_buf, sizeof(sprintf_buf), one_format.contents()); } else { if (i >= nv) { @@ -1782,7 +1769,7 @@ char *do_sprintf(const char *form, const double *v, int nv) } one_format += *form++; one_format += '\0'; - sprintf(sprintf_buf, one_format.contents(), v[i++]); + snprintf(sprintf_buf, sizeof(sprintf_buf), one_format.contents(), v[i++]); } one_format.clear(); result += sprintf_buf; |