[hackers] [scc] expand: fix %d -> %s format string for char * line, check truncation or error || Hiltjo Posthuma

From: <git_AT_suckless.org>
Date: Fri, 17 Jul 2015 23:03:08 +0200 (CEST)

commit f85a7bfa8943a40c196cb4e3778106bcc77e7eb5
Author: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
AuthorDate: Fri Jul 17 21:10:44 2015 +0200
Commit: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
CommitDate: Fri Jul 17 22:34:34 2015 +0200

    expand: fix %d -> %s format string for char * line, check truncation or error

diff --git a/cc1/cpp.c b/cc1/cpp.c
index a1f548f..43a6d64 100644
--- a/cc1/cpp.c
+++ b/cc1/cpp.c
_AT_@ -184,7 +184,7 @@ bool
 expand(char *begin, Symbol *sym)
 {
         size_t len;
- int n;
+ int n, r;
         char *s = sym->u.s;
         char *arglist[NR_MACROARG], arguments[INPUTSIZ], buffer[BUFSIZE];
 
_AT_@ -194,7 +194,11 @@ expand(char *begin, Symbol *sym)
                 goto print_subs;
         }
         if (sym == symline) {
- sprintf(buffer, "%d", input->line);
+ r = snprintf(buffer, sizeof(buffer), "%s", input->line);
+ if(r == -1 || (size_t)r >= sizeof(buffer)) {
+ error("expansion of macro \"%s\" is too long", sym->name);
+ return 0;
+ }
                 goto print_subs;
         }
 
Received on Fri Jul 17 2015 - 23:03:08 CEST

This archive was generated by hypermail 2.3.0 : Fri Jul 17 2015 - 23:12:12 CEST