Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-05 21:42:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed _vsnprintf() to actually use the buffer size limit to prevent buffer overflows

Browse source 
Sorry, but I had to re indent and tabify this code, I could not read it because it was all screwed up before.

svn path=/trunk/; revision=2652
This commit is contained in:
Phillip Susi 2002-02-26 05:59:00 +00:00
parent c66e8c39d3
commit fd4c65ede9
1 changed files with 448 additions and 343 deletions
Download patch file Download diff file Expand all files Collapse all files

115
reactos/ntoskrnl/rtl/sprintf.c
View file

@ -1,4 +1,4 @@
/* $Id: sprintf.c,v 1.6 2002/02/18 18:39:31 hbirr Exp $ /* $Id: sprintf.c,v 1.7 2002/02/26 05:59:00 phreak Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -149,6 +149,8 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
for (str=buf ; *fmt ; ++fmt) { for (str=buf ; *fmt ; ++fmt) {
if (*fmt != '%') { if (*fmt != '%') {
*str++ = *fmt; *str++ = *fmt;
if( --cnt == 0 )
goto out;
continue; continue;
} }
@ -210,27 +212,57 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
case 'c': /* finished */ case 'c': /* finished */
if (!(flags & LEFT)) if (!(flags & LEFT))
while (--field_width > 0) while (--field_width > 0)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
if (qualifier == 'l' || qualifier == 'w') if (qualifier == 'l' || qualifier == 'w')
*str++ {
= (unsigned char)(wchar_t) va_arg(args, int); *str++ = (unsigned char)(wchar_t) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
else else
{
*str++ = (unsigned char) va_arg(args, int); *str++ = (unsigned char) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
while (--field_width > 0) while (--field_width > 0)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
continue; continue;
case 'C': /* finished */ case 'C': /* finished */
if (!(flags & LEFT)) if (!(flags & LEFT))
while (--field_width > 0) while (--field_width > 0)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
if (qualifier == 'h') if (qualifier == 'h')
{
*str++ = (unsigned char) va_arg(args, int); *str++ = (unsigned char) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
else else
*str++ {
= (unsigned char)(wchar_t) va_arg(args, int); *str++ = (unsigned char)(wchar_t) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
while (--field_width > 0) while (--field_width > 0)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
continue; continue;
case 's': /* finished */ case 's': /* finished */
@ -244,11 +276,23 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (!(flags & LEFT)) if (!(flags & LEFT))
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i) for (i = 0; i < len; ++i)
{
*str++ = (unsigned char)(*sw++); *str++ = (unsigned char)(*sw++);
if( --cnt == 0 )
goto out;
}
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
} else { } else {
/* print ascii string */ /* print ascii string */
s = va_arg(args, char *); s = va_arg(args, char *);
@ -259,11 +303,23 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (!(flags & LEFT)) if (!(flags & LEFT))
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i) for (i = 0; i < len; ++i)
{
*str++ = *s++; *str++ = *s++;
if( --cnt == 0 )
goto out;
}
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
} }
continue; continue;
@ -278,11 +334,23 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (!(flags & LEFT)) if (!(flags & LEFT))
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i) for (i = 0; i < len; ++i)
{
*str++ = *s++; *str++ = *s++;
if( --cnt == 0 )
goto out;
}
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
} else { } else {
/* print unicode string */ /* print unicode string */
sw = va_arg(args, wchar_t *); sw = va_arg(args, wchar_t *);
@ -293,11 +361,23 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if (!(flags & LEFT)) if (!(flags & LEFT))
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i) for (i = 0; i < len; ++i)
{
*str++ = (unsigned char)(*sw++); *str++ = (unsigned char)(*sw++);
if( --cnt == 0 )
goto out;
}
while (len < field_width--) while (len < field_width--)
{
*str++ = ' '; *str++ = ' ';
if( --cnt == 0 )
goto out;
}
} }
continue; continue;
@ -308,10 +388,18 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>"; s = "<NULL>";
while ((*s) != 0) while ((*s) != 0)
{
*str++ = *s++; *str++ = *s++;
if( --cnt == 0 )
goto out;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++) for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++)
{
*str++ = (unsigned char)(pus->Buffer[i]); *str++ = (unsigned char)(pus->Buffer[i]);
if( --cnt == 0 )
goto out;
}
} }
} else { } else {
/* print counted ascii string */ /* print counted ascii string */
@ -319,10 +407,18 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
if ((pus == NULL) || (pus->Buffer == NULL)) { if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>"; s = "<NULL>";
while ((*s) != 0) while ((*s) != 0)
{
*str++ = *s++; *str++ = *s++;
if( --cnt == 0 )
goto out;
}
} else { } else {
for (i = 0; pus->Buffer[i] && i < pus->Length; i++) for (i = 0; pus->Buffer[i] && i < pus->Length; i++)
{
*str++ = pus->Buffer[i]; *str++ = pus->Buffer[i];
if( --cnt == 0 )
goto out;
}
} }
} }
continue; continue;
@ -370,9 +466,17 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
default: default:
if (*fmt != '%') if (*fmt != '%')
{
*str++ = '%'; *str++ = '%';
if( --cnt == 0 )
goto out;
}
if (*fmt) if (*fmt)
{
*str++ = *fmt; *str++ = *fmt;
if( --cnt == 0 )
goto out;
}
else else
--fmt; --fmt;
continue; continue;
@ -396,6 +500,7 @@ int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
} }
str = number(str, num, base, field_width, precision, flags); str = number(str, num, base, field_width, precision, flags);
} }
out:
*str = '\0'; *str = '\0';
return str-buf; return str-buf;
} }