diff options
| author | Paul Eggert | 2011-04-28 13:09:37 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-04-28 13:09:37 -0700 |
| commit | f76dee0c23a846517e72618dec6d2424321bb32b (patch) | |
| tree | d2092b8f0034d276c1212fa848234772ea0806a0 /src | |
| parent | fdc5744d4f448c2250d798b0c271910cd6254f2d (diff) | |
| download | emacs-f76dee0c23a846517e72618dec6d2424321bb32b.tar.gz emacs-f76dee0c23a846517e72618dec6d2424321bb32b.zip | |
* doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 4 | ||||
| -rw-r--r-- | src/doprnt.c | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 555fb9589f5..14727d403c2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,7 @@ | |||
| 1 | 2011-04-28 Paul Eggert <eggert@cs.ucla.edu> | ||
| 2 | |||
| 3 | * doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545). | ||
| 4 | |||
| 1 | 2011-04-28 Juanma Barranquero <lekktu@gmail.com> | 5 | 2011-04-28 Juanma Barranquero <lekktu@gmail.com> |
| 2 | 6 | ||
| 3 | * w32.c (init_environment): Warn about defaulting HOME to C:\. | 7 | * w32.c (init_environment): Warn about defaulting HOME to C:\. |
diff --git a/src/doprnt.c b/src/doprnt.c index 63dba9f5850..eac1796c496 100644 --- a/src/doprnt.c +++ b/src/doprnt.c | |||
| @@ -198,8 +198,12 @@ doprnt (char *buffer, register size_t bufsize, const char *format, | |||
| 198 | while (fmt < format_end | 198 | while (fmt < format_end |
| 199 | && '0' <= fmt[1] && fmt[1] <= '9') | 199 | && '0' <= fmt[1] && fmt[1] <= '9') |
| 200 | { | 200 | { |
| 201 | if (n >= SIZE_MAX / 10 | 201 | /* Avoid int overflow, because many sprintfs seriously |
| 202 | || n * 10 > SIZE_MAX - (fmt[1] - '0')) | 202 | mess up with widths or precisions greater than |
| 203 | INT_MAX. Avoid size_t overflow, since our counters | ||
| 204 | use size_t. This test is slightly conservative, for | ||
| 205 | speed and simplicity. */ | ||
| 206 | if (n >= min (INT_MAX, SIZE_MAX) / 10) | ||
| 203 | error ("Format width or precision too large"); | 207 | error ("Format width or precision too large"); |
| 204 | n = n * 10 + fmt[1] - '0'; | 208 | n = n * 10 + fmt[1] - '0'; |
| 205 | *string++ = *++fmt; | 209 | *string++ = *++fmt; |