Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 1998/05/07 14:49:00 UTC

Re: cvs commit: apache-1.3/src/ap ap_snprintf.c

martin@hyperreal.org wrote:
> 
> martin      98/05/07 00:47:34
> 
>   Modified:    src/ap   ap_snprintf.c
>   Log:
>   Avoid core dumps for bogus ap_snprintf() format strings by using more
>   defensive approach: never allow patching a prefix char in front of
>   a constant string (or in front of char_buf); delimit strchr() to not
>   scan past the generated string;
>   Add 'h' modifier for compatibility reasons with other printf()s.
>   
>   -		if (alternate_form && (q = strchr(s, '.')) == NULL)
>   +		if (alternate_form && (q = strchr(s, '.')) == NULL) {
>    		    s[s_len++] = '.';
>   +		    s[s_len] = '\0'; /* delimit for following strchr() */
>   +		}
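
Review bot: the added s[s_len] = '\0'; stores one byte past the '.' that was just appended, so this branch now writes at two positions beyond the incoming s_len, and nothing in the hunk checks that the buffer behind s has that much room. Either guard the append with a length check before s[s_len++] = '.'; or add a comment stating which earlier code guarantees the two spare bytes. Note also that the strchr(s, '.') in the condition runs before this terminator is written, so it still depends on s being NUL-terminated on entry; the new terminator only protects the later strchr() the comment refers to.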

I'm not sure I understand this... doesn't this stop the required
decimal point from being added? Or is the assumption that if
it wasn't added in ap_gcvt() it was only because there was no space?
Wouldn't it be best to check s_len against sizeof(num_buf) and
if we have room, tack on the '.' ?? After all, ap_gcvt specifically
removes the '.' if it exists at the end of the string :/
-- 
===========================================================================
   Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
            "That's no ordinary rabbit... that's the most foul,
            cruel and bad-tempered rodent you ever laid eyes on"