You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 1998/05/07 14:49:00 UTC
Re: cvs commit: apache-1.3/src/ap ap_snprintf.c
martin@hyperreal.org wrote:
>
> martin 98/05/07 00:47:34
>
> Modified: src/ap ap_snprintf.c
> Log:
> Avoid core dumps for bogus ap_snprintf() format strings by using more
> defensive approach: never allow patching a prefix char in front of
> a constant string (or in front of char_buf); delimit strchr() to not
> scan past the generated string;
> Add 'h' modifier for compatibility reasons with other printf()s.
>
> - if (alternate_form && (q = strchr(s, '.')) == NULL)
> + if (alternate_form && (q = strchr(s, '.')) == NULL) {
> s[s_len++] = '.';
> + s[s_len] = '\0'; /* delimit for following strchr() */
> + }
I'm not sure I understand this... doesn't this stop the required
decimal point from being added? Or is the assumption is that if
it wasn't added in ap_gcvt() is was only because there was no space?
Wouldn't it be best to check s_len against sizeof(num_buf) and
if we have room, tack on the '.' ?? After all, ap_gcvt specifically
removes the '.' if it exists at the end of the string :/
--
===========================================================================
Jim Jagielski ||| jim@jaguNET.com ||| http://www.jaguNET.com/
"That's no ordinary rabbit... that's the most foul,
cruel and bad-tempered rodent you ever laid eyes on"