Date: Tue, 19 Dec 2000 14:35:06 +0000
From: Ben Smithurst <ben@FreeBSD.org>
To: audit@FreeBSD.org
Subject: printf(1) broken for some long format strings
Message-ID: <20001219143506.C78749@strontium.scientia.demon.co.uk>
[previously posted to -developers; posted to -audit too at Will Andrews'
suggestion.]
printf(1) is broken for some long format strings, like
printf "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%d\n" 1
for a sufficiently large number of X's. Does anyone have any objections
to this fix?
thanks.
Index: printf.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/printf/printf.c,v
retrieving revision 1.15
diff -u -r1.15 printf.c
--- printf.c 2000/09/04 06:11:25 1.15
+++ printf.c 2000/12/19 02:17:18
@@ -247,12 +247,18 @@
char *str;
int ch;
{
- static char copy[64];
+ static char *copy = NULL;
+ static size_t copy_size = 0;
+ char *newcopy;
int len;
len = strlen(str) + 2;
- if (len > sizeof copy)
- return NULL;
+ if (len > copy_size) {
+ if ((newcopy = realloc(copy, len)) == NULL)
+ return NULL;
+ copy = newcopy;
+ copy_size = len;
+ }
memmove(copy, str, len - 3);
copy[len - 3] = 'q';
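Review bot: `len` is still declared `int` while the new `copy_size` is `size_t`, so `if (len > copy_size)` is a signed/unsigned comparison, and `len = strlen(str) + 2` can truncate now that the 64-byte cap no longer bounds the input. Declaring `len` as `size_t` keeps the comparison and the `realloc(copy, len)` argument in one type. Separately, in the unchanged context, `len - 3` is -1 when `str` is empty (`len` is then 2), so if a caller can ever pass an empty string, `memmove(copy, str, len - 3)` and `copy[len - 3] = 'q'` should get a length check while this function is being touched. The `newcopy` temporary is the right pattern: `copy` and `copy_size` stay valid if `realloc` fails.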
--
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D
