Denis Vlasenko spotted the lack of bounds checking in my first attempt at

itoa/utoa.
author: Rob Landley <rob@landley.net> 2006-07-11 00:44:36 +0000
committer: Rob Landley <rob@landley.net> 2006-07-11 00:44:36 +0000
commit: 22d3958d760d294cd35876ce990a470fa03c046d (patch)
tree: ea74ae6930df883a8c6ae909998df5c0affd1631 /libbb
parent: 1cca9484db69971f652dfef48778da0dc56dad12 (diff)
download: busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.tar.gz
busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.tar.bz2
busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.zip
1 files changed, 14 insertions, 11 deletions
diff --git a/libbb/xfuncs.c b/libbb/xfuncs.c
index 00cacaadf..bcd0751ee 100644
--- a/libbb/xfuncs.c
+++ b/libbb/xfuncs.c
@@ -237,19 +237,21 @@ int wait4pid(int pid)
 // http://www.unix.org/whitepapers/64bit.html
 static char local_buf[12];
-void utoa_to_buf(unsigned n, char *buf, int buflen)
+void utoa_to_buf(unsigned n, char *buf, unsigned buflen)
 {
        int i, out = 0;
-        for (i=1000000000; i; i/=10) {
+        if (buflen) {
-                int res = n/i;
+                for (i=1000000000; i; i/=10) {
+                        int res = n/i;
-                if (res || out || i == 1) {
-                        out++;
+                        if ((res || out || i == 1) && --buflen>0) {
-                        n -= res*i;
+                                out++;
-                        *buf++ = '0' + res;
+                                n -= res*i;
+                                *buf++ = '0' + res;
+                        }
                }
+                *buf = 0;
        }
-        *buf = 0;
 }
 // Note: uses static buffer, calling it twice in a row will overwrite.
@@ -261,11 +263,12 @@ char *utoa(unsigned n)
        return local_buf;
 }
-void itoa_to_buf(int n, char *buf, int buflen)
+void itoa_to_buf(int n, char *buf, unsigned buflen)
 {
-        if (n<0) {
+        if (buflen && n<0) {
                n = -n;
                *buf++ = '-';
+                buflen--;
        }
        utoa_to_buf((unsigned)n, buf, buflen);
 }
author	Rob Landley <rob@landley.net>	2006-07-11 00:44:36 +0000
committer	Rob Landley <rob@landley.net>	2006-07-11 00:44:36 +0000
commit	22d3958d760d294cd35876ce990a470fa03c046d (patch)
tree	ea74ae6930df883a8c6ae909998df5c0affd1631 /libbb
parent	1cca9484db69971f652dfef48778da0dc56dad12 (diff)
download	busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.tar.gz busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.tar.bz2 busybox-w32-22d3958d760d294cd35876ce990a470fa03c046d.zip

diff --git a/libbb/xfuncs.c b/libbb/xfuncs.c index 00cacaadf..bcd0751ee 100644 --- a/libbb/xfuncs.c +++ b/libbb/xfuncs.c
@@ -237,19 +237,21 @@ int wait4pid(int pid)
237	// http://www.unix.org/whitepapers/64bit.html	237	// http://www.unix.org/whitepapers/64bit.html
238	static char local_buf[12];	238	static char local_buf[12];
239		239
240	void utoa_to_buf(unsigned n, char *buf, int buflen)	240	void utoa_to_buf(unsigned n, char *buf, unsigned buflen)
241	{	241	{
242	int i, out = 0;	242	int i, out = 0;
243	for (i=1000000000; i; i/=10) {	243	if (buflen) {
244	int res = n/i;	244	for (i=1000000000; i; i/=10) {
245		245	int res = n/i;
246	if (res \|\| out \|\| i == 1) {	246
247	out++;	247	if ((res \|\| out \|\| i == 1) && --buflen>0) {
248	n -= res*i;	248	out++;
249	*buf++ = '0' + res;	249	n -= res*i;
		250	*buf++ = '0' + res;
		251	}
250	}	252	}
		253	*buf = 0;
251	}	254	}
252	*buf = 0;
253	}	255	}
254		256
255	// Note: uses static buffer, calling it twice in a row will overwrite.	257	// Note: uses static buffer, calling it twice in a row will overwrite.
@@ -261,11 +263,12 @@ char *utoa(unsigned n)
261	return local_buf;	263	return local_buf;
262	}	264	}
263		265
264	void itoa_to_buf(int n, char *buf, int buflen)	266	void itoa_to_buf(int n, char *buf, unsigned buflen)
265	{	267	{
266	if (n<0) {	268	if (buflen && n<0) {
267	n = -n;	269	n = -n;
268	*buf++ = '-';	270	*buf++ = '-';
		271	buflen--;
269	}	272	}
270	utoa_to_buf((unsigned)n, buf, buflen);	273	utoa_to_buf((unsigned)n, buf, buflen);
271	}	274	}