diff options
author | Ulrich Drepper <drepper@redhat.com> | 2007-05-01 04:11:51 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2007-05-01 04:11:51 +0000 |
commit | c01c245517b43fa3b983168197e7d05eef5f9828 (patch) | |
tree | ea28243abe444e41613541b9ca0349c02b636270 /stdio-common | |
parent | b866373d82d6378a4ae22bab1a00f8e012b7da68 (diff) | |
download | glibc-c01c245517b43fa3b983168197e7d05eef5f9828.zip glibc-c01c245517b43fa3b983168197e7d05eef5f9828.tar.gz glibc-c01c245517b43fa3b983168197e7d05eef5f9828.tar.bz2 |
[BZ #4438]
2007-04-30 Ulrich Drepper <drepper@redhat.com>
[BZ #4438]
* stdio-common/vfprintf.c (process_string_arg): Don't overflow the
stack for large precisions.
Diffstat (limited to 'stdio-common')
-rw-r--r-- | stdio-common/vfprintf.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c index 946551f..31bc523 100644 --- a/stdio-common/vfprintf.c +++ b/stdio-common/vfprintf.c @@ -1160,19 +1160,25 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap) else \ { \ /* In case we have a multibyte character set the \ - situation is more compilcated. We must not copy \ + situation is more complicated. We must not copy \ bytes at the end which form an incomplete character. */\ - wchar_t ignore[prec]; \ + wchar_t ignore[1024]; \ const char *str2 = string; \ - mbstate_t ps; \ + const char *strend = string + prec; \ + if (strend < string) \ + strend = (const char *) UINTPTR_MAX; \ \ + mbstate_t ps; \ memset (&ps, '\0', sizeof (ps)); \ - if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps) \ - == (size_t) -1) \ - { \ - done = -1; \ - goto all_done; \ - } \ + \ + while (str2 != NULL && str2 < strend) \ + if (__mbsnrtowcs (ignore, &str2, strend - str2, 1024, \ + &ps) == (size_t) -1) \ + { \ + done = -1; \ + goto all_done; \ + } \ + \ if (str2 == NULL) \ len = strlen (string); \ else \ |