diff options
| author | Ray Lai <ray@cvs.openbsd.org> | 2007-01-30 03:57:30 +0000 |
|---|---|---|
| committer | Ray Lai <ray@cvs.openbsd.org> | 2007-01-30 03:57:30 +0000 |
| commit | 8b1f8c0ae1d3b9601f03a089c2bab3b6023c8570 (patch) | |
| tree | a67b22cbff6ca73fb05d2de3860b5b28fd264d65 /lib/libc/stdio | |
| parent | d34950d258240450cc4bec0c30ab7e86a83d82dc (diff) | |
Remove and simplify an impossible case (if *p = memchr(cp, 0, prec),
p - cp cannot be greater than prec).
Prevent an integer overflow when printing a string with length
greater than INT_MAX.
Initial diff from millert@.
OK millert@, beck@, and otto@.
Diffstat (limited to 'lib/libc/stdio')
| -rw-r--r-- | lib/libc/stdio/vfprintf.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/libc/stdio/vfprintf.c b/lib/libc/stdio/vfprintf.c index f88ee8d04a7..74200d32e89 100644 --- a/lib/libc/stdio/vfprintf.c +++ b/lib/libc/stdio/vfprintf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfprintf.c,v 1.41 2007/01/16 19:20:53 millert Exp $ */ +/* $OpenBSD: vfprintf.c,v 1.42 2007/01/30 03:57:29 ray Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -605,15 +605,13 @@ reswitch: switch (ch) { */ char *p = memchr(cp, 0, prec); - if (p != NULL) { - size = p - cp; - if (size > prec) - size = prec; - } else { - size = prec; - } + size = p ? (p - cp) : prec; } else { - size = strlen(cp); + size_t len; + + if ((len = strlen(cp)) > INT_MAX) + goto overflow; + size = (int)len; } sign = '\0'; break; |