Denis Vlasenko spotted the lack of bounds checking in my first attempt at
authorRob Landley <rob@landley.net>
Tue, 11 Jul 2006 00:44:36 +0000 (00:44 -0000)
committerRob Landley <rob@landley.net>
Tue, 11 Jul 2006 00:44:36 +0000 (00:44 -0000)
itoa/utoa.

libbb/xfuncs.c

index 00cacaadfeb704e52d5e80d6a005ca66f50ce9d5..bcd0751ee322f1ef1fd750d4a9c47c92f6ef3867 100644 (file)
@@ -237,19 +237,21 @@ int wait4pid(int pid)
 // http://www.unix.org/whitepapers/64bit.html
 static char local_buf[12];
 
-void utoa_to_buf(unsigned n, char *buf, int buflen)
+void utoa_to_buf(unsigned n, char *buf, unsigned buflen)
 {
        int i, out = 0;
-       for (i=1000000000; i; i/=10) {
-               int res = n/i;
-
-               if (res || out || i == 1) {
-                       out++;
-                       n -= res*i;
-                       *buf++ = '0' + res;
+       if (buflen) {
+               for (i=1000000000; i; i/=10) {
+                       int res = n/i;
+
+                       if ((res || out || i == 1) && --buflen>0) {
+                               out++;
+                               n -= res*i;
+                               *buf++ = '0' + res;
+                       }
                }
+               *buf = 0;
        }
-       *buf = 0;
 }
 
 // Note: uses static buffer, calling it twice in a row will overwrite.
@@ -261,11 +263,12 @@ char *utoa(unsigned n)
        return local_buf;
 }
 
-void itoa_to_buf(int n, char *buf, int buflen)
+void itoa_to_buf(int n, char *buf, unsigned buflen)
 {
-       if (n<0) {
+       if (buflen && n<0) {
                n = -n;
                *buf++ = '-';
+               buflen--;
        }
        utoa_to_buf((unsigned)n, buf, buflen);
 }