Page MenuHomeFreeBSD
Files F148800037

D8286.id21542.diff
No OneTemporary
Actions

D8286.id21542.diff
View Options

Index: contrib/netbsd-tests/lib/libc/stdio/t_printf.c
===================================================================
--- contrib/netbsd-tests/lib/libc/stdio/t_printf.c
+++ contrib/netbsd-tests/lib/libc/stdio/t_printf.c
@@ -120,12 +120,6 @@
{
char s[16], fmt[32];
-#ifndef __NetBSD__
- atf_tc_expect_signal(SIGSEGV,
- "some non-NetBSD platforms including FreeBSD don't validate "
- "negative size; testcase blows up with SIGSEGV");
-#endif
-
snprintf(fmt, sizeof(fmt), "%%%zu$d", SIZE_MAX / sizeof(size_t));
ATF_CHECK(snprintf(s, sizeof(s), fmt, -23) == -1);
Index: lib/libc/stdio/printf-pos.c
===================================================================
--- lib/libc/stdio/printf-pos.c
+++ lib/libc/stdio/printf-pos.c
@@ -44,6 +44,7 @@
#include "namespace.h"
#include <sys/types.h>
+#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
@@ -70,9 +71,9 @@
struct typetable {
enum typeid *table; /* table of types */
enum typeid stattable[STATIC_ARG_TBL_SIZE];
- int tablesize; /* current size of type table */
- int tablemax; /* largest used index in table */
- int nextarg; /* 1-based argument index */
+ u_int tablesize; /* current size of type table */
+ u_int tablemax; /* largest used index in table */
+ u_int nextarg; /* 1-based argument index */
};
static int __grow_type_table(struct typetable *);
@@ -84,7 +85,7 @@
static inline void
inittypes(struct typetable *types)
{
- int n;
+ u_int n;
types->table = types->stattable;
types->tablesize = STATIC_ARG_TBL_SIZE;
@@ -185,7 +186,7 @@
addaster(struct typetable *types, char **fmtp)
{
char *cp;
- int n2;
+ u_int n2;
n2 = 0;
cp = *fmtp;
@@ -194,7 +195,7 @@
cp++;
}
if (*cp == '$') {
- int hold = types->nextarg;
+ u_int hold = types->nextarg;
types->nextarg = n2;
if (addtype(types, T_INT))
return (-1);
@@ -211,7 +212,7 @@
addwaster(struct typetable *types, wchar_t **fmtp)
{
wchar_t *cp;
- int n2;
+ u_int n2;
n2 = 0;
cp = *fmtp;
@@ -220,7 +221,7 @@
cp++;
}
if (*cp == '$') {
- int hold = types->nextarg;
+ u_int hold = types->nextarg;
types->nextarg = n2;
if (addtype(types, T_INT))
return (-1);
@@ -245,7 +246,7 @@
{
char *fmt; /* format string */
int ch; /* character from fmt */
- int n; /* handy integer (short term usage) */
+ u_int n; /* handy integer (short term usage) */
int error;
int flags; /* flags as above */
struct typetable types; /* table of types */
@@ -298,6 +299,11 @@
n = 10 * n + to_digit(ch);
ch = *fmt++;
} while (is_digit(ch));
+ /* Detect overflow */
+ if (n > NL_ARGMAX) {
+ error = -1;
+ goto error;
+ }
if (ch == '$') {
types.nextarg = n;
goto rflag;
@@ -433,7 +439,7 @@
{
wchar_t *fmt; /* format string */
wchar_t ch; /* character from fmt */
- int n; /* handy integer (short term usage) */
+ u_int n; /* handy integer (short term usage) */
int error;
int flags; /* flags as above */
struct typetable types; /* table of types */
@@ -486,6 +492,11 @@
n = 10 * n + to_digit(ch);
ch = *fmt++;
} while (is_digit(ch));
+ /* Detect overflow */
+ if (n > NL_ARGMAX) {
+ error = -1;
+ goto error;
+ }
if (ch == '$') {
types.nextarg = n;
goto rflag;
@@ -624,7 +635,11 @@
enum typeid *const oldtable = types->table;
const int oldsize = types->tablesize;
enum typeid *newtable;
- int n, newsize = oldsize * 2;
+ u_int n, newsize = oldsize * 2;
+
+ /* Detect overflow */
+ if (types->nextarg > NL_ARGMAX)
+ return (-1);
if (newsize < types->nextarg + 1)
newsize = types->nextarg + 1;
@@ -653,7 +668,7 @@
static void
build_arg_table(struct typetable *types, va_list ap, union arg **argtable)
{
- int n;
+ u_int n;
if (types->tablemax >= STATIC_ARG_TBL_SIZE) {
*argtable = (union arg *)

File Metadata

Mime Type
text/plain
Expires
Sat, Mar 21, 7:01 AM (11 h, 28 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30068533
Default Alt Text
D8286.id21542.diff (3 KB)

Event Timeline