From 94eaa7ec40997c8135dff468abe35e59b6367e3d Mon Sep 17 00:00:00 2001 From: ray Date: Tue, 30 Jan 2007 03:57:29 +0000 Subject: Remove and simplify an impossible case (if *p = memchr(cp, 0, prec), p - cp cannot be greater than prec). Prevent an integer overflow when printing a string with length greater than INT_MAX. Initial diff from millert@. OK millert@, beck@, and otto@. --- lib/libc/stdio/vfprintf.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'lib/libc/stdio/vfprintf.c') diff --git a/lib/libc/stdio/vfprintf.c b/lib/libc/stdio/vfprintf.c index f88ee8d04a7..74200d32e89 100644 --- a/lib/libc/stdio/vfprintf.c +++ b/lib/libc/stdio/vfprintf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfprintf.c,v 1.41 2007/01/16 19:20:53 millert Exp $ */ +/* $OpenBSD: vfprintf.c,v 1.42 2007/01/30 03:57:29 ray Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -605,15 +605,13 @@ reswitch: switch (ch) { */ char *p = memchr(cp, 0, prec); - if (p != NULL) { - size = p - cp; - if (size > prec) - size = prec; - } else { - size = prec; - } + size = p ? (p - cp) : prec; } else { - size = strlen(cp); + size_t len; + + if ((len = strlen(cp)) > INT_MAX) + goto overflow; + size = (int)len; } sign = '\0'; break; -- cgit v1.2.3-59-g8ed1b