From owner-freebsd-current Sun Jan 26 09:35:58 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA16091 for current-outgoing; Sun, 26 Jan 1997 09:35:58 -0800 (PST) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA16075; Sun, 26 Jan 1997 09:35:40 -0800 (PST) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id EAA03702; Mon, 27 Jan 1997 04:32:32 +1100 Date: Mon, 27 Jan 1997 04:32:32 +1100 From: Bruce Evans Message-Id: <199701261732.EAA03702@godzilla.zeta.org.au> To: current@freebsd.org Subject: sh expression printing bug Cc: steve@freebsd.org Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk /bin/sh prints the wrong value for `echo $((1 << 30))'. This is because expari() only provides a 10-character buffer for printing the result of an integer expression. 12 characters are required even on 32-bit machines (10 digits, one sign and one nul). The length it checked, so there is no buffer overflow bug - the output is just truncated. I made the following quick fix for the 32-bit case. I don't know exactly why the CHECKSTRSPACE() arg is 2 less than the size required. Bruce diff -c2 expand.c~ expand.c *** expand.c~ Tue Jan 14 22:19:21 1997 --- expand.c Sun Jan 26 03:36:20 1997 *************** *** 336,340 **** * characters have to be processed left to right. */ ! CHECKSTRSPACE(8, expdest); USTPUTC('\0', expdest); start = stackblock(); --- 336,343 ---- * characters have to be processed left to right. */ ! #if INT_MAX / 1000000000 >= 10 || INT_MIN / 1000000000 <= -10 ! #error "integers with more than 10 digits are not supported" ! #endif ! CHECKSTRSPACE(12 - 2, expdest); USTPUTC('\0', expdest); start = stackblock(); *************** *** 351,355 **** rmescapes(p+1); result = arith(p+1); ! fmtstr(p, 10, "%d", result); while (*p++) ; --- 354,358 ---- rmescapes(p+1); result = arith(p+1); ! fmtstr(p, 12, "%d", result); while (*p++) ;