Fixed _vsnprintf() to actually use the buffer size limit to prevent buffer overflows

Sorry, but I had to re-indent and tabify this code; I could not read it because it was all screwed up before.

svn path=/trunk/; revision=2652
Phillip Susi 2002-02-26 05:59:00 +00:00
parent c66e8c39d3
commit fd4c65ede9


@ -1,4 +1,4 @@
/* $Id: sprintf.c,v 1.6 2002/02/18 18:39:31 hbirr Exp $ /* $Id: sprintf.c,v 1.7 2002/02/26 05:59:00 phreak Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -8,7 +8,7 @@
* Eric Kohl * Eric Kohl
* *
* TODO: * TODO:
* - Implement maximum length (cnt) in _vsnprintf(). * - Implement maximum length (cnt) in _vsnprintf().
*/ */
/* /*
@ -32,13 +32,13 @@
#include <internal/debug.h> #include <internal/debug.h>
#define ZEROPAD 1 /* pad with zero */ #define ZEROPAD 1 /* pad with zero */
#define SIGN 2 /* unsigned/signed long */ #define SIGN 2 /* unsigned/signed long */
#define PLUS 4 /* show plus */ #define PLUS 4 /* show plus */
#define SPACE 8 /* space if plus */ #define SPACE 8 /* space if plus */
#define LEFT 16 /* left justified */ #define LEFT 16 /* left justified */
#define SPECIAL 32 /* 0x */ #define SPECIAL 32 /* 0x */
#define LARGE 64 /* use 'ABCDEF' instead of 'abcdef' */ #define LARGE 64 /* use 'ABCDEF' instead of 'abcdef' */
#define do_div(n,base) ({ \ #define do_div(n,base) ({ \
@ -50,384 +50,489 @@ __res; })
static int skip_atoi(const char **s) static int skip_atoi(const char **s)
{ {
int i=0; int i=0;
while (isdigit(**s)) while (isdigit(**s))
i = i*10 + *((*s)++) - '0'; i = i*10 + *((*s)++) - '0';
return i; return i;
} }
static char * static char *
number (char * str, long long num, int base, int size, int precision, int type) number (char * str, long long num, int base, int size, int precision, int type)
{ {
char c,sign,tmp[66]; char c,sign,tmp[66];
const char *digits="0123456789abcdefghijklmnopqrstuvwxyz"; const char *digits="0123456789abcdefghijklmnopqrstuvwxyz";
int i; int i;
if (type & LARGE) if (type & LARGE)
digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
if (type & LEFT) if (type & LEFT)
type &= ~ZEROPAD; type &= ~ZEROPAD;
if (base < 2 || base > 36) if (base < 2 || base > 36)
return 0; return 0;
c = (type & ZEROPAD) ? '0' : ' '; c = (type & ZEROPAD) ? '0' : ' ';
sign = 0; sign = 0;
if (type & SIGN) { if (type & SIGN) {
if (num < 0) { if (num < 0) {
sign = '-'; sign = '-';
num = -num; num = -num;
size--; size--;
} else if (type & PLUS) { } else if (type & PLUS) {
sign = '+'; sign = '+';
size--; size--;
} else if (type & SPACE) { } else if (type & SPACE) {
sign = ' '; sign = ' ';
size--; size--;
} }
} }
if (type & SPECIAL) { if (type & SPECIAL) {
if (base == 16) if (base == 16)
size -= 2; size -= 2;
else if (base == 8) else if (base == 8)
size--; size--;
} }
i = 0; i = 0;
if (num == 0) if (num == 0)
tmp[i++]='0'; tmp[i++]='0';
else while (num != 0) else while (num != 0)
tmp[i++] = digits[do_div(num,base)]; tmp[i++] = digits[do_div(num,base)];
if (i > precision) if (i > precision)
precision = i; precision = i;
size -= precision; size -= precision;
if (!(type&(ZEROPAD+LEFT))) if (!(type&(ZEROPAD+LEFT)))
while(size-->0) while(size-->0)
*str++ = ' '; *str++ = ' ';
if (sign) if (sign)
*str++ = sign; *str++ = sign;
if (type & SPECIAL) { if (type & SPECIAL) {
if (base==8) { if (base==8) {
*str++ = '0'; *str++ = '0';
} else if (base==16) { } else if (base==16) {
*str++ = '0'; *str++ = '0';
*str++ = digits[33]; *str++ = digits[33];
} }
} }
if (!(type & LEFT)) if (!(type & LEFT))
while (size-- > 0) while (size-- > 0)
*str++ = c; *str++ = c;
while (i < precision--) while (i < precision--)
*str++ = '0'; *str++ = '0';
while (i-- > 0) while (i-- > 0)
*str++ = tmp[i]; *str++ = tmp[i];
while (size-- > 0) while (size-- > 0)
*str++ = ' '; *str++ = ' ';
return str; return str;
} }
int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args) int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args)
{ {
int len; int len;
unsigned long long num; unsigned long long num;
int i, base; int i, base;
char * str; char * str;
const char *s; const char *s;
const wchar_t *sw; const wchar_t *sw;
int flags; /* flags to number() */ int flags; /* flags to number() */
int field_width; /* width of output field */ int field_width; /* width of output field */
int precision; /* min. # of digits for integers; max int precision; /* min. # of digits for integers; max
number of chars for from string */ number of chars for from string */
int qualifier; /* 'h', 'l', 'L', 'I' or 'w' for integer fields */ int qualifier; /* 'h', 'l', 'L', 'I' or 'w' for integer fields */
for (str=buf ; *fmt ; ++fmt) { for (str=buf ; *fmt ; ++fmt) {
if (*fmt != '%') { if (*fmt != '%') {
*str++ = *fmt; *str++ = *fmt;
continue; if( --cnt == 0 )
} goto out;
continue;
}
/* process flags */ /* process flags */
flags = 0; flags = 0;
repeat: repeat:
++fmt; /* this also skips first '%' */ ++fmt; /* this also skips first '%' */
switch (*fmt) { switch (*fmt) {
case '-': flags |= LEFT; goto repeat; case '-': flags |= LEFT; goto repeat;
case '+': flags |= PLUS; goto repeat; case '+': flags |= PLUS; goto repeat;
case ' ': flags |= SPACE; goto repeat; case ' ': flags |= SPACE; goto repeat;
case '#': flags |= SPECIAL; goto repeat; case '#': flags |= SPECIAL; goto repeat;
case '0': flags |= ZEROPAD; goto repeat; case '0': flags |= ZEROPAD; goto repeat;
} }
/* get field width */ /* get field width */
field_width = -1; field_width = -1;
if (isdigit(*fmt)) if (isdigit(*fmt))
field_width = skip_atoi(&fmt); field_width = skip_atoi(&fmt);
else if (*fmt == '*') { else if (*fmt == '*') {
++fmt; ++fmt;
/* it's the next argument */ /* it's the next argument */
field_width = va_arg(args, int); field_width = va_arg(args, int);
if (field_width < 0) { if (field_width < 0) {
field_width = -field_width; field_width = -field_width;
flags |= LEFT; flags |= LEFT;
} }
} }
/* get the precision */ /* get the precision */
precision = -1; precision = -1;
if (*fmt == '.') { if (*fmt == '.') {
++fmt; ++fmt;
if (isdigit(*fmt)) if (isdigit(*fmt))
precision = skip_atoi(&fmt); precision = skip_atoi(&fmt);
else if (*fmt == '*') { else if (*fmt == '*') {
++fmt; ++fmt;
/* it's the next argument */ /* it's the next argument */
precision = va_arg(args, int); precision = va_arg(args, int);
} }
if (precision < 0) if (precision < 0)
precision = 0; precision = 0;
} }
/* get the conversion qualifier */ /* get the conversion qualifier */
qualifier = -1; qualifier = -1;
if (*fmt == 'h' || *fmt == 'l' || *fmt == 'L' || *fmt == 'w') { if (*fmt == 'h' || *fmt == 'l' || *fmt == 'L' || *fmt == 'w') {
qualifier = *fmt; qualifier = *fmt;
++fmt; ++fmt;
} else if (*fmt == 'I' && *(fmt+1) == '6' && *(fmt+2) == '4') { } else if (*fmt == 'I' && *(fmt+1) == '6' && *(fmt+2) == '4') {
qualifier = *fmt; qualifier = *fmt;
fmt += 3; fmt += 3;
} }
/* default base */ /* default base */
base = 10; base = 10;
switch (*fmt) { switch (*fmt) {
case 'c': /* finished */ case 'c': /* finished */
if (!(flags & LEFT)) if (!(flags & LEFT))
while (--field_width > 0) while (--field_width > 0)
*str++ = ' '; {
if (qualifier == 'l' || qualifier == 'w') *str++ = ' ';
*str++ if( --cnt == 0 )
= (unsigned char)(wchar_t) va_arg(args, int); goto out;
else }
*str++ = (unsigned char) va_arg(args, int); if (qualifier == 'l' || qualifier == 'w')
while (--field_width > 0) {
*str++ = ' '; *str++ = (unsigned char)(wchar_t) va_arg(args, int);
continue; if( --cnt == 0 )
goto out;
case 'C': /* finished */
if (!(flags & LEFT))
while (--field_width > 0)
*str++ = ' ';
if (qualifier == 'h')
*str++ = (unsigned char) va_arg(args, int);
else
*str++
= (unsigned char)(wchar_t) va_arg(args, int);
while (--field_width > 0)
*str++ = ' ';
continue;
case 's': /* finished */
if (qualifier == 'l' || qualifier == 'w') {
/* print unicode string */
sw = va_arg(args, wchar_t *);
if (sw == NULL)
sw = L"<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && sw[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
*str++ = ' ';
for (i = 0; i < len; ++i)
*str++ = (unsigned char)(*sw++);
while (len < field_width--)
*str++ = ' ';
} else {
/* print ascii string */
s = va_arg(args, char *);
if (s == NULL)
s = "<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && s[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
*str++ = ' ';
for (i = 0; i < len; ++i)
*str++ = *s++;
while (len < field_width--)
*str++ = ' ';
}
continue;
case 'S':
if (qualifier == 'h') {
/* print ascii string */
s = va_arg(args, char *);
if (s == NULL)
s = "<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && s[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
*str++ = ' ';
for (i = 0; i < len; ++i)
*str++ = *s++;
while (len < field_width--)
*str++ = ' ';
} else {
/* print unicode string */
sw = va_arg(args, wchar_t *);
if (sw == NULL)
sw = L"<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && sw[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
*str++ = ' ';
for (i = 0; i < len; ++i)
*str++ = (unsigned char)(*sw++);
while (len < field_width--)
*str++ = ' ';
}
continue;
case 'Z':
if (qualifier == 'w') {
/* print counted unicode string */
PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>";
while ((*s) != 0)
*str++ = *s++;
} else {
for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++)
*str++ = (unsigned char)(pus->Buffer[i]);
}
} else {
/* print counted ascii string */
PANSI_STRING pus = va_arg(args, PANSI_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>";
while ((*s) != 0)
*str++ = *s++;
} else {
for (i = 0; pus->Buffer[i] && i < pus->Length; i++)
*str++ = pus->Buffer[i];
}
}
continue;
case 'p':
if (field_width == -1) {
field_width = 2 * sizeof(void *);
flags |= ZEROPAD;
}
str = number(str,
(unsigned long) va_arg(args, void *), 16,
field_width, precision, flags);
continue;
case 'n':
if (qualifier == 'l') {
long * ip = va_arg(args, long *);
*ip = (str - buf);
} else {
int * ip = va_arg(args, int *);
*ip = (str - buf);
}
continue;
/* integer number formats - set up the flags and "break" */
case 'o':
base = 8;
break;
case 'b':
base = 2;
break;
case 'X':
flags |= LARGE;
case 'x':
base = 16;
break;
case 'd':
case 'i':
flags |= SIGN;
case 'u':
break;
default:
if (*fmt != '%')
*str++ = '%';
if (*fmt)
*str++ = *fmt;
else
--fmt;
continue;
}
if (qualifier == 'I')
num = va_arg(args, unsigned long long);
else if (qualifier == 'l')
num = va_arg(args, unsigned long);
else if (qualifier == 'h') {
if (flags & SIGN)
num = va_arg(args, int);
else
num = va_arg(args, unsigned int);
}
else {
if (flags & SIGN)
num = va_arg(args, int);
else
num = va_arg(args, unsigned int);
}
str = number(str, num, base, field_width, precision, flags);
} }
*str = '\0'; else
return str-buf; {
*str++ = (unsigned char) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
while (--field_width > 0)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
continue;
case 'C': /* finished */
if (!(flags & LEFT))
while (--field_width > 0)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
if (qualifier == 'h')
{
*str++ = (unsigned char) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
else
{
*str++ = (unsigned char)(wchar_t) va_arg(args, int);
if( --cnt == 0 )
goto out;
}
while (--field_width > 0)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
continue;
case 's': /* finished */
if (qualifier == 'l' || qualifier == 'w') {
/* print unicode string */
sw = va_arg(args, wchar_t *);
if (sw == NULL)
sw = L"<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && sw[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i)
{
*str++ = (unsigned char)(*sw++);
if( --cnt == 0 )
goto out;
}
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
} else {
/* print ascii string */
s = va_arg(args, char *);
if (s == NULL)
s = "<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && s[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i)
{
*str++ = *s++;
if( --cnt == 0 )
goto out;
}
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
}
continue;
case 'S':
if (qualifier == 'h') {
/* print ascii string */
s = va_arg(args, char *);
if (s == NULL)
s = "<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && s[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i)
{
*str++ = *s++;
if( --cnt == 0 )
goto out;
}
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
} else {
/* print unicode string */
sw = va_arg(args, wchar_t *);
if (sw == NULL)
sw = L"<NULL>";
for (len = 0; (unsigned int)len < (unsigned int)precision && sw[len]; len++);
if (!(flags & LEFT))
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
for (i = 0; i < len; ++i)
{
*str++ = (unsigned char)(*sw++);
if( --cnt == 0 )
goto out;
}
while (len < field_width--)
{
*str++ = ' ';
if( --cnt == 0 )
goto out;
}
}
continue;
case 'Z':
if (qualifier == 'w') {
/* print counted unicode string */
PUNICODE_STRING pus = va_arg(args, PUNICODE_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>";
while ((*s) != 0)
{
*str++ = *s++;
if( --cnt == 0 )
goto out;
}
} else {
for (i = 0; pus->Buffer[i] && i < pus->Length / sizeof(WCHAR); i++)
{
*str++ = (unsigned char)(pus->Buffer[i]);
if( --cnt == 0 )
goto out;
}
}
} else {
/* print counted ascii string */
PANSI_STRING pus = va_arg(args, PANSI_STRING);
if ((pus == NULL) || (pus->Buffer == NULL)) {
s = "<NULL>";
while ((*s) != 0)
{
*str++ = *s++;
if( --cnt == 0 )
goto out;
}
} else {
for (i = 0; pus->Buffer[i] && i < pus->Length; i++)
{
*str++ = pus->Buffer[i];
if( --cnt == 0 )
goto out;
}
}
}
continue;
case 'p':
if (field_width == -1) {
field_width = 2 * sizeof(void *);
flags |= ZEROPAD;
}
str = number(str,
(unsigned long) va_arg(args, void *), 16,
field_width, precision, flags);
continue;
case 'n':
if (qualifier == 'l') {
long * ip = va_arg(args, long *);
*ip = (str - buf);
} else {
int * ip = va_arg(args, int *);
*ip = (str - buf);
}
continue;
/* integer number formats - set up the flags and "break" */
case 'o':
base = 8;
break;
case 'b':
base = 2;
break;
case 'X':
flags |= LARGE;
case 'x':
base = 16;
break;
case 'd':
case 'i':
flags |= SIGN;
case 'u':
break;
default:
if (*fmt != '%')
{
*str++ = '%';
if( --cnt == 0 )
goto out;
}
if (*fmt)
{
*str++ = *fmt;
if( --cnt == 0 )
goto out;
}
else
--fmt;
continue;
}
if (qualifier == 'I')
num = va_arg(args, unsigned long long);
else if (qualifier == 'l')
num = va_arg(args, unsigned long);
else if (qualifier == 'h') {
if (flags & SIGN)
num = va_arg(args, int);
else
num = va_arg(args, unsigned int);
}
else {
if (flags & SIGN)
num = va_arg(args, int);
else
num = va_arg(args, unsigned int);
}
str = number(str, num, base, field_width, precision, flags);
}
out:
*str = '\0';
return str-buf;
} }
int sprintf(char * buf, const char *fmt, ...) int sprintf(char * buf, const char *fmt, ...)
{ {
va_list args; va_list args;
int i; int i;
va_start(args, fmt); va_start(args, fmt);
i=_vsnprintf(buf,INT_MAX,fmt,args); i=_vsnprintf(buf,INT_MAX,fmt,args);
va_end(args); va_end(args);
return i; return i;
} }
int _snprintf(char * buf, size_t cnt, const char *fmt, ...) int _snprintf(char * buf, size_t cnt, const char *fmt, ...)
{ {
va_list args; va_list args;
int i; int i;
va_start(args, fmt); va_start(args, fmt);
i=_vsnprintf(buf,cnt,fmt,args); i=_vsnprintf(buf,cnt,fmt,args);
va_end(args); va_end(args);
return i; return i;
} }
int vsprintf(char *buf, const char *fmt, va_list args) int vsprintf(char *buf, const char *fmt, va_list args)
{ {
return _vsnprintf(buf,INT_MAX,fmt,args); return _vsnprintf(buf,INT_MAX,fmt,args);
} }
/* EOF */ /* EOF */
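Review bot: The numeric conversions in `_vsnprintf()` still write without any limit: the `%p` call and the final `str = number(str, num, base, field_width, precision, flags);` give `number()` the output pointer but not the remaining `cnt`, and `cnt` is not reduced afterwards, so a wide field width can run past the buffer and every later check works from a stale count. `number()` should receive the remaining space and stop at it (or have its output staged and copied out under the same per-byte check), with `cnt` reduced by what was written. Two edge cases in the added checks also need covering: `cnt` is a `size_t`, so a call with `cnt == 0` writes one byte and `--cnt` wraps instead of reaching zero, and when the limit is hit `out:` stores the terminator at `buf[cnt]`, one byte past the limit if `cnt` is the buffer size. An entry guard such as `if (cnt == 0) return 0;` and a conditional terminator at `out:` (`if (cnt != 0) *str = '\0';`) would close both, assuming the intended contract is that a completely filled buffer is left unterminated; confirm that against the callers. The header TODO about implementing `cnt` is unchanged by this commit and should be updated once the limit covers every write.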