Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-25 09:50:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed a buffer overflow if there is given a not null terminated string with a precision parameter.

Browse source 
Added handling of the precision parameter for counted strings.
Reduced some overhead for strings.

svn path=/trunk/; revision=3491
This commit is contained in:
Hartmut Birr 2002-09-13 18:45:10 +00:00
parent 1950866768
commit 3f316cde99
2 changed files with 209 additions and 242 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

225
reactos/lib/ntdll/stdio/sprintf.c
View file

@ -1,4 +1,4 @@
/* $Id: sprintf.c,v 1.9 2002/09/12 17:50:42 guido Exp $ /* $Id: sprintf.c,v 1.10 2002/09/13 18:45:10 hbirr Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -151,6 +151,95 @@ number(char * buf, char * end, long long num, int base, int size, int precision,
return buf; return buf;
} }
static char*
string(char* buf, char* end, const char* s, int len, int field_width, int precision, int flags)
{
int i;
if (s == NULL)
{
s = "<NULL>";
len = 6;
}
else
{
if (len == -1)
{
len = 0;
while (s[len] && (unsigned int)len < (unsigned int)precision)
len++;
}
else
{
if ((unsigned int)len > (unsigned int)precision)
len = precision;
}
}
if (!(flags & LEFT))
while (len < field_width--)
{
if (buf <= end)
*buf = ' ';
++buf;
}
for (i = 0; i < len; ++i)
{
if (buf <= end)
*buf = *s++;
++buf;
}
while (len < field_width--)
{
if (buf <= end)
*buf = ' ';
++buf;
}
return buf;
}
static char*
stringw(char* buf, char* end, const wchar_t* sw, int len, int field_width, int precision, int flags)
{
int i;
if (sw == NULL)
{
sw = L"<NULL>";
len = 6;
}
else
{
if (len == -1)
{
len = 0;
while (sw[len] && (unsigned int)len < (unsigned int)precision)
len++;
}
else
{
if ((unsigned int)len > (unsigned int)precision)
len = precision;
}
}
if (!(flags & LEFT))
while (len < field_width--)
{
if (buf <= end)
*buf = ' ';
++buf;
}
for (i = 0; i < len; ++i)
{
if (buf <= end)
*buf = (unsigned char)(*sw++);
++buf;
}
while (len < field_width--)
{
if (buf <= end)
*buf = ' ';
++buf;
}
return buf;
}
int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args) int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
{ {
@ -288,57 +377,11 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (qualifier == 'l' || qualifier == 'w') { if (qualifier == 'l' || qualifier == 'w') {
/* print unicode string */ /* print unicode string */
sw = va_arg(args, wchar_t *); sw = va_arg(args, wchar_t *);
if (sw == NULL) str = stringw(str, end, sw, -1, field_width, precision, flags);
sw = L"<NULL>";
len = wcslen (sw);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = (unsigned char)(*sw);
++str;
++sw;
}
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
} else { } else {
/* print ascii string */ /* print ascii string */
s = va_arg(args, char *); s = va_arg(args, char *);
if (s == NULL) str = string(str, end, s, -1, field_width, precision, flags);
s = "<NULL>";
len = strlen (s);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = *s;
++str;
++s;
}
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
} }
continue; continue;
@ -346,57 +389,11 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (qualifier == 'h') { if (qualifier == 'h') {
/* print ascii string */ /* print ascii string */
s = va_arg(args, char *); s = va_arg(args, char *);
if (s == NULL) str = string(str, end, s, -1, field_width, precision, flags);
s = "<NULL>";
len = strlen (s);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = *s;
++str;
++s;
}
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
} else { } else {
/* print unicode string */ /* print unicode string */
sw = va_arg(args, wchar_t *); sw = va_arg(args, wchar_t *);
if (sw == NULL) str = stringw(str, end, sw, -1, field_width, precision, flags);
sw = L"<NULL>";
len = wcslen (sw);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = (unsigned char)(*sw);
++str;
++sw;
}
while (len < field_width--) {
if (str <= end)
*str = ' ';
++str;
}
} }
continue; continue;
@ -405,38 +402,24 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
/* print counted unicode string */ /* print counted unicode string */
PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING); PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>"; sw = NULL;
while ((*s) != 0) { len = -1;
if (str <= end)
*str = *s;
++str;
++s;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++) { sw = pus->Buffer;
if (str <= end) len = pus->Length / sizeof(WCHAR);
*str = (unsigned char)(pus->Buffer[i]);
++str;
}
} }
str = stringw(str, end, sw, len, field_width, precision, flags);
} else { } else {
/* print counted ascii string */ /* print counted ascii string */
PANSI_STRING pus = va_arg(args, PANSI_STRING); PANSI_STRING pus = va_arg(args, PANSI_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>"; s = NULL;
while ((*s) != 0) { len = -1;
if (str <= end)
*str = *s;
++str;
++s;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length; i++) { s = pus->Buffer;
if (str <= end) len = pus->Length;
*str = pus->Buffer[i];
++str;
}
} }
str = string(str, end, s, len, field_width, precision, flags);
} }
continue; continue;

226
reactos/lib/ntdll/stdio/swprintf.c
View file

@ -1,4 +1,4 @@
/* $Id: swprintf.c,v 1.11 2002/09/12 17:50:42 guido Exp $ /* $Id: swprintf.c,v 1.12 2002/09/13 18:45:10 hbirr Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -153,6 +153,96 @@ number(wchar_t * buf, wchar_t * end, long long num, int base, int size, int prec
return buf; return buf;
} }
static wchar_t*
string(wchar_t* buf, wchar_t* end, const char* s, int len, int field_width, int precision, int flags)
{
int i;
if (s == NULL)
{
s = "<NULL>";
len = 6;
}
else
{
if (len == -1)
{
len = 0;
while (s[len] && (unsigned int)len < (unsigned int)precision)
len++;
}
else
{
if ((unsigned int)len > (unsigned int)precision)
len = precision;
}
}
if (!(flags & LEFT))
while (len < field_width--)
{
if (buf <= end)
*buf = L' ';
++buf;
}
for (i = 0; i < len; ++i)
{
if (buf <= end)
*buf = *s++;
++buf;
}
while (len < field_width--)
{
if (buf <= end)
*buf = L' ';
++buf;
}
return buf;
}
static wchar_t*
stringw(wchar_t* buf, wchar_t* end, const wchar_t* sw, int len, int field_width, int precision, int flags)
{
int i;
if (sw == NULL)
{
sw = L"<NULL>";
len = 6;
}
else
{
if (len == -1)
{
len = 0;
while (sw[len] && (unsigned int)len < (unsigned int)precision)
len++;
}
else
{
if ((unsigned int)len > (unsigned int)precision)
len = precision;
}
}
if (!(flags & LEFT))
while (len < field_width--)
{
if (buf <= end)
*buf = L' ';
buf++;
}
for (i = 0; i < len; ++i)
{
if (buf <= end)
*buf = *sw++;
buf++;
}
while (len < field_width--)
{
if (buf <= end)
*buf = L' ';
buf++;
}
return buf;
}
int _vsnwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, va_list args) int _vsnwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, va_list args)
{ {
@ -290,57 +380,11 @@ int _vsnwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, va_list args)
if (qualifier == 'h') { if (qualifier == 'h') {
/* print ascii string */ /* print ascii string */
s = va_arg(args, char *); s = va_arg(args, char *);
if (s == NULL) str = string(str, end, s, -1, field_width, precision, flags);
s = "<NULL>";
len = strlen (s);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = (wchar_t)(*s);
++str;
++s;
}
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
} else { } else {
/* print unicode string */ /* print unicode string */
sw = va_arg(args, wchar_t *); sw = va_arg(args, wchar_t *);
if (sw == NULL) str = stringw(str, end, sw, -1, field_width, precision, flags);
sw = L"<NULL>";
len = wcslen (sw);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = *sw;
++str;
++sw;
}
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
} }
continue; continue;
@ -348,57 +392,11 @@ int _vsnwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, va_list args)
if (qualifier == 'l' || qualifier == 'w') { if (qualifier == 'l' || qualifier == 'w') {
/* print unicode string */ /* print unicode string */
sw = va_arg(args, wchar_t *); sw = va_arg(args, wchar_t *);
if (sw == NULL) str = stringw(str, end, sw, -1, field_width, precision, flags);
sw = L"<NULL>";
len = wcslen (sw);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = *sw;
++str;
++sw;
}
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
} else { } else {
/* print ascii string */ /* print ascii string */
s = va_arg(args, char *); s = va_arg(args, char *);
if (s == NULL) str = string(str, end, s, -1, field_width, precision, flags);
s = "<NULL>";
len = strlen (s);
if ((unsigned int)len > (unsigned int)precision)
len = precision;
if (!(flags & LEFT))
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
for (i = 0; i < len; ++i) {
if (str <= end)
*str = (wchar_t)(*s);
++str;
++s;
}
while (len < field_width--) {
if (str <= end)
*str = L' ';
++str;
}
} }
continue; continue;
@ -407,38 +405,24 @@ int _vsnwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, va_list args)
/* print counted ascii string */ /* print counted ascii string */
PANSI_STRING pus = va_arg(args, PANSI_STRING); PANSI_STRING pus = va_arg(args, PANSI_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
sw = L"<NULL>"; s = NULL;
while ((*sw) != 0) { len = -1;
if (str <= end)
*str = *sw;
++str;
++sw;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length; i++) { s = pus->Buffer;
if (str <= end) len = pus->Length;
*str = (wchar_t)(pus->Buffer[i]);
++str;
}
} }
str = string(str, end, s, len, field_width, precision, flags);
} else { } else {
/* print counted unicode string */ /* print counted unicode string */
PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING); PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
sw = L"<NULL>"; sw = NULL;
while ((*sw) != 0) { len = -1;
if (str <= end)
*str = *sw;
++str;
++sw;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++) { sw = pus->Buffer;
if (str <= end) len = pus->Length / sizeof(WCHAR);
*str = pus->Buffer[i];
++str;
}
} }
str = stringw(str, end, sw, len, field_width, precision, flags);
} }
continue; continue;