diff options
author | Rob Landley <rob@landley.net> | 2006-07-11 00:44:36 +0000 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2006-07-11 00:44:36 +0000 |
commit | 22d3958d760d294cd35876ce990a470fa03c046d (patch) | |
tree | ea74ae6930df883a8c6ae909998df5c0affd1631 /libbb | |
parent | 1cca9484db69971f652dfef48778da0dc56dad12 (diff) | |
download | busybox-22d3958d760d294cd35876ce990a470fa03c046d.tar.gz |
Denis Vlasenko spotted the lack of bounds checking in my first attempt at
itoa/utoa.
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/xfuncs.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/libbb/xfuncs.c b/libbb/xfuncs.c index 00cacaadf..bcd0751ee 100644 --- a/libbb/xfuncs.c +++ b/libbb/xfuncs.c @@ -237,19 +237,21 @@ int wait4pid(int pid) // http://www.unix.org/whitepapers/64bit.html static char local_buf[12]; -void utoa_to_buf(unsigned n, char *buf, int buflen) +void utoa_to_buf(unsigned n, char *buf, unsigned buflen) { int i, out = 0; - for (i=1000000000; i; i/=10) { - int res = n/i; - - if (res || out || i == 1) { - out++; - n -= res*i; - *buf++ = '0' + res; + if (buflen) { + for (i=1000000000; i; i/=10) { + int res = n/i; + + if ((res || out || i == 1) && --buflen>0) { + out++; + n -= res*i; + *buf++ = '0' + res; + } } + *buf = 0; } - *buf = 0; } // Note: uses static buffer, calling it twice in a row will overwrite. @@ -261,11 +263,12 @@ char *utoa(unsigned n) return local_buf; } -void itoa_to_buf(int n, char *buf, int buflen) +void itoa_to_buf(int n, char *buf, unsigned buflen) { - if (n<0) { + if (buflen && n<0) { n = -n; *buf++ = '-'; + buflen--; } utoa_to_buf((unsigned)n, buf, buflen); } |