diff options
| -rw-r--r-- | src/ChangeLog | 4 | ||||
| -rw-r--r-- | src/doprnt.c | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 555fb9589f5..14727d403c2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-04-28 Paul Eggert <eggert@cs.ucla.edu> + + * doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545). + 2011-04-28 Juanma Barranquero <lekktu@gmail.com> * w32.c (init_environment): Warn about defaulting HOME to C:\. diff --git a/src/doprnt.c b/src/doprnt.c index 63dba9f5850..eac1796c496 100644 --- a/src/doprnt.c +++ b/src/doprnt.c @@ -198,8 +198,12 @@ doprnt (char *buffer, register size_t bufsize, const char *format, while (fmt < format_end && '0' <= fmt[1] && fmt[1] <= '9') { - if (n >= SIZE_MAX / 10 - || n * 10 > SIZE_MAX - (fmt[1] - '0')) + /* Avoid int overflow, because many sprintfs seriously + mess up with widths or precisions greater than + INT_MAX. Avoid size_t overflow, since our counters + use size_t. This test is slightly conservative, for + speed and simplicity. */ + if (n >= min (INT_MAX, SIZE_MAX) / 10) error ("Format width or precision too large"); n = n * 10 + fmt[1] - '0'; *string++ = *++fmt; |