To figure out if we're going outside the buffer, use the size of the buffer,

not the size of the integer used to index in said buffer.

PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 2cfc689dd6b4cbe9fa7fd96543a4ef901b2a7585..0fd5e4ee2a1e38660f637fdf209ee46e7519b607 100644 (file)
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -652,8 +652,8 @@ fmtfp(
             (caps ? "0123456789ABCDEF"
               : "0123456789abcdef")[intpart % 10];
         intpart = (intpart / 10);
-    } while (intpart && (iplace < sizeof iplace));
-    if (iplace == sizeof iplace)
+    } while (intpart && (iplace < sizeof iconvert));
+    if (iplace == sizeof iconvert)
         iplace--;
     iconvert[iplace] = 0;
 
@@ -664,7 +664,7 @@ fmtfp(
               : "0123456789abcdef")[fracpart % 10];
         fracpart = (fracpart / 10);
     } while (fplace < max);
-    if (fplace == sizeof fplace)
+    if (fplace == sizeof fconvert)
         fplace--;
     fconvert[fplace] = 0;