aboutsummaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
authorRob Landley <rob@landley.net>2006-07-11 00:44:36 +0000
committerRob Landley <rob@landley.net>2006-07-11 00:44:36 +0000
commit22d3958d760d294cd35876ce990a470fa03c046d (patch)
treeea74ae6930df883a8c6ae909998df5c0affd1631 /libbb
parent1cca9484db69971f652dfef48778da0dc56dad12 (diff)
downloadbusybox-22d3958d760d294cd35876ce990a470fa03c046d.tar.gz
Denis Vlasenko spotted the lack of bounds checking in my first attempt at
itoa/utoa.
Diffstat (limited to 'libbb')
-rw-r--r--libbb/xfuncs.c25
1 files changed, 14 insertions, 11 deletions
diff --git a/libbb/xfuncs.c b/libbb/xfuncs.c
index 00cacaadf..bcd0751ee 100644
--- a/libbb/xfuncs.c
+++ b/libbb/xfuncs.c
@@ -237,19 +237,21 @@ int wait4pid(int pid)
// http://www.unix.org/whitepapers/64bit.html
static char local_buf[12];
-void utoa_to_buf(unsigned n, char *buf, int buflen)
+void utoa_to_buf(unsigned n, char *buf, unsigned buflen)
{
int i, out = 0;
- for (i=1000000000; i; i/=10) {
- int res = n/i;
-
- if (res || out || i == 1) {
- out++;
- n -= res*i;
- *buf++ = '0' + res;
+ if (buflen) {
+ for (i=1000000000; i; i/=10) {
+ int res = n/i;
+
+ if ((res || out || i == 1) && --buflen>0) {
+ out++;
+ n -= res*i;
+ *buf++ = '0' + res;
+ }
}
+ *buf = 0;
}
- *buf = 0;
}
// Note: uses static buffer, calling it twice in a row will overwrite.
@@ -261,11 +263,12 @@ char *utoa(unsigned n)
return local_buf;
}
-void itoa_to_buf(int n, char *buf, int buflen)
+void itoa_to_buf(int n, char *buf, unsigned buflen)
{
- if (n<0) {
+ if (buflen && n<0) {
n = -n;
*buf++ = '-';
+ buflen--;
}
utoa_to_buf((unsigned)n, buf, buflen);
}