Posted to commits@apr.apache.org by jo...@apache.org on 2006/07/20 10:58:44 UTC
svn commit: r423838 - in /apr/apr/branches/1.2.x: CHANGES
strings/apr_snprintf.c test/teststr.c
Author: jorton
Date: Thu Jul 20 01:58:44 2006
New Revision: 423838
URL: http://svn.apache.org/viewvc?rev=423838&view=rev
Log:
Merge r420858 from trunk:
* strings/apr_snprintf.c (apr_snprintf, apr_vsnprintf): Fix to
return number of bytes *without* NUL in overflow case.
* test/teststr.c (snprintf_overflow): New test case.
PR: 39996
Submitted by: Michal Luczaj <regenrecht o2.pl>
Modified:
apr/apr/branches/1.2.x/CHANGES
apr/apr/branches/1.2.x/strings/apr_snprintf.c
apr/apr/branches/1.2.x/test/teststr.c
Modified: apr/apr/branches/1.2.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/CHANGES?rev=423838&r1=423837&r2=423838&view=diff
==============================================================================
--- apr/apr/branches/1.2.x/CHANGES (original)
+++ apr/apr/branches/1.2.x/CHANGES Thu Jul 20 01:58:44 2006
@@ -1,5 +1,9 @@
Changes for APR 1.2.8
+ *) Fix apr_snprintf/apr_vsnprintf return value to not count the
+ NUL terminator in the overflow case. PR 39996.
+ [Michal Luczaj <regenrecht o2.pl>]
+
*) Provide folding in autogenerated .manifest files for Win32 builders
using VisualStudio 2005 [William Rowe]
Modified: apr/apr/branches/1.2.x/strings/apr_snprintf.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/strings/apr_snprintf.c?rev=423838&r1=423837&r2=423838&view=diff
==============================================================================
--- apr/apr/branches/1.2.x/strings/apr_snprintf.c (original)
+++ apr/apr/branches/1.2.x/strings/apr_snprintf.c Thu Jul 20 01:58:44 2006
@@ -463,7 +463,8 @@
}
-
+/* Must be passed a buffer of size NUM_BUF_SIZE where buf_end points
+ * to 1 byte past the end of the buffer. */
static char *conv_apr_sockaddr(apr_sockaddr_t *sa, char *buf_end, apr_size_t *len)
{
char *p = buf_end;
@@ -473,7 +474,14 @@
p = conv_10(sa->port, TRUE, &is_negative, p, &sub_len);
*--p = ':';
- apr_sockaddr_ip_get(&ipaddr_str, sa);
+ ipaddr_str = buf_end - NUM_BUF_SIZE;
+ if (apr__sockaddr_ip_getbuf(ipaddr_str, sa->addr_str_len, sa)) {
+ /* Should only fail if the buffer is too small, which it
+ * should not be; but fail safe anyway: */
+ *--p = '?';
+ *len = buf_end - p;
+ return p;
+ }
sub_len = strlen(ipaddr_str);
#if APR_HAVE_IPV6
if (sa->family == APR_INET6 &&
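Review bot: The length passed to `apr__sockaddr_ip_getbuf` is `sa->addr_str_len`, which is not tied to the room actually left in the buffer: the address is written at `buf_end - NUM_BUF_SIZE` while the port digits and ':' already occupy the tail ending at `p`. Safety therefore rests on the NUM_BUF_SIZE precondition stated in the new comment, which nothing here enforces and whose value is not visible in this diff. Passing the smaller of `sa->addr_str_len` and `p - ipaddr_str` would let the fail-safe branch catch a short buffer instead of trusting every caller. The log message lists only the return-value fix, so this change deserves its own line there; the function body continues outside the hunk.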
@@ -1331,7 +1339,7 @@
if (len != 0) {
*vbuff.curpos = '\0';
}
- return (cc == -1) ? (int)len : cc;
+ return (cc == -1) ? (int)len - 1 : cc;
}
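Review bot: With `(int)len - 1` returned on overflow, a truncated result is indistinguishable from one that exactly fills the buffer, so callers cannot detect truncation from the return value; the new test shows size 2 returning 1 for both "a" and "abcd". That contract should be stated at the function, for example `/* On overflow returns len - 1, the bytes stored excluding the NUL; truncation is not reported. */`. The `if (len != 0)` guard just above implies len may be zero; if `cc == -1` is reachable in that case the expression yields -1, which is worth ruling out in the comment or with `(len ? (int)len - 1 : 0)`. The same applies to the identical change in the following hunk (new line 1362), and both function bodies start outside their hunks.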
@@ -1354,5 +1362,5 @@
if (len != 0) {
*vbuff.curpos = '\0';
}
- return (cc == -1) ? (int)len : cc;
+ return (cc == -1) ? (int)len - 1 : cc;
}
Modified: apr/apr/branches/1.2.x/test/teststr.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.2.x/test/teststr.c?rev=423838&r1=423837&r2=423838&view=diff
==============================================================================
--- apr/apr/branches/1.2.x/test/teststr.c (original)
+++ apr/apr/branches/1.2.x/test/teststr.c Thu Jul 20 01:58:44 2006
@@ -349,6 +349,26 @@
}
}
+static void snprintf_overflow(abts_case *tc, void *data)
+{
+ char buf[4];
+ int rv;
+
+ buf[2] = '4';
+ buf[3] = '2';
+
+ rv = apr_snprintf(buf, 2, "%s", "a");
+ ABTS_INT_EQUAL(tc, 1, rv);
+
+ rv = apr_snprintf(buf, 2, "%s", "abcd");
+ ABTS_INT_EQUAL(tc, 1, rv);
+
+ ABTS_STR_EQUAL(tc, buf, "a");
+
+ /* Check the buffer really hasn't been overflowed. */
+ ABTS_TRUE(tc, buf[2] == '4' && buf[3] == '2');
+}
+
abts_suite *teststr(abts_suite *suite)
{
suite = ADD_SUITE(suite)
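Review bot: snprintf_overflow exercises only apr_snprintf at size 2, while the log says apr_vsnprintf was changed as well, and size 1 is the boundary where `len - 1` becomes 0. After the existing checks, `rv = apr_snprintf(buf, 1, "%s", "abcd");` followed by `ABTS_INT_EQUAL(tc, 0, rv);` and an assertion that `buf[0] == '\0'` would pin that case. `ABTS_STR_EQUAL(tc, buf, "a")` also appears to pass the actual value first, whereas the ABTS_INT_EQUAL calls above pass the expected one first; `ABTS_STR_EQUAL(tc, "a", buf)` would keep failure messages consistent. teststr() continues outside the hunk.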
@@ -364,6 +384,7 @@
abts_run_test(suite, string_strtoff, NULL);
abts_run_test(suite, overflow_strfsize, NULL);
abts_run_test(suite, string_strfsize, NULL);
+ abts_run_test(suite, snprintf_overflow, NULL);
return suite;
}