From: Paul Eggert
Subject: [Emacs-diffs] /srv/bzr/emacs/trunk r104046: Merge: doprnt: Omit useless test; int overflow check (Bug#8545).
Date: Thu, 28 Apr 2011 15:06:00 -0700
User-agent: Bazaar (2.3.1)
------------------------------------------------------------
revno: 104046 [merge]
committer: Paul Eggert <address@hidden>
branch nick: trunk
timestamp: Thu 2011-04-28 15:06:00 -0700
message:
Merge: doprnt: Omit useless test; int overflow check (Bug#8545).
modified:
src/ChangeLog
src/doprnt.c
=== modified file 'src/ChangeLog'
--- a/src/ChangeLog 2011-04-28 19:51:12 +0000
+++ b/src/ChangeLog 2011-04-28 20:11:17 +0000
@@ -1,3 +1,8 @@
+2011-04-28 Paul Eggert <address@hidden>
+
+ * doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).
+ (SIZE_MAX): Move defn after all includes, as they might #define it.
+
2011-04-28 Juanma Barranquero <address@hidden>
* w32.c (init_environment): Warn about defaulting HOME to C:\.
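Review bot: The doprnt.c entry lists only the overflow test and the SIZE_MAX move, but the same commit also changes the documented contract in the doprnt.c comments (%% handling, undefined behavior for an invalid %-sequence, "BUFSIZE must be positive", the truncation return value). Suggest adding a line for those comment changes so that someone auditing callers against the new contract can find the revision from the ChangeLog.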
=== modified file 'src/doprnt.c'
--- a/src/doprnt.c 2011-04-28 11:46:40 +0000
+++ b/src/doprnt.c 2011-04-28 22:02:15 +0000
@@ -70,7 +70,9 @@
%<flags><width><precision><length>character
where flags is [+ -0], width is [0-9]+, precision is .[0-9]+, and length
- modifier is empty or l or ll.
+ is empty or l or ll. Also, %% in a format stands for a single % in the
+ output. A % that does not introduce a valid %-sequence causes
+ undefined behavior.
The + flag character inserts a + before any positive number, while a space
inserts a space before any positive number; these flags only affect %d, %o,
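Review bot: The added sentence "A % that does not introduce a valid %-sequence causes undefined behavior" documents a hazard without saying who is responsible for preventing it. Suggest stating in the same comment that FORMAT must be a fixed, trusted string and that variable text belongs in a %s argument, or having doprnt report an invalid sequence with error () the way the width check later in this patch does.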
@@ -111,9 +113,6 @@
#include <unistd.h>
#include <limits.h>
-#ifndef SIZE_MAX
-# define SIZE_MAX ((size_t) -1)
-#endif
#include "lisp.h"
@@ -122,14 +121,21 @@
another macro. */
#include "character.h"
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t) -1)
+#endif
+
#ifndef DBL_MAX_10_EXP
#define DBL_MAX_10_EXP 308 /* IEEE double */
#endif
/* Generate output from a format-spec FORMAT,
terminated at position FORMAT_END.
+ (*FORMAT_END is not part of the format, but must exist and be readable.)
Output goes in BUFFER, which has room for BUFSIZE chars.
- If the output does not fit, truncate it to fit.
+ BUFSIZE must be positive. If the output does not fit, truncate it
+ to fit and return BUFSIZE - 1; if this truncates a multibyte
+ sequence, store '\0' into the sequence's first byte.
Returns the number of bytes stored into BUFFER, excluding
the terminating null byte. Output is always null-terminated.
String arguments are passed as C strings.
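Review bot: "BUFSIZE must be positive" is stated in the comment but nothing in this hunk enforces it, and since the comment also promises that output is always null-terminated, a zero BUFSIZE would mean a store outside BUFFER. Suggest an assertion on BUFSIZE at the top of doprnt. The comment could also say that a return value of BUFSIZE - 1 is ambiguous between truncation and an exact fit, so callers that need to tell them apart must treat BUFSIZE - 1 as possibly truncated.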
@@ -198,8 +204,12 @@
while (fmt < format_end
&& '0' <= fmt[1] && fmt[1] <= '9')
{
- if (n >= SIZE_MAX / 10
- || n * 10 > SIZE_MAX - (fmt[1] - '0'))
+ /* Avoid size_t overflow. Avoid int overflow too, as
+ many sprintfs mishandle widths greater than INT_MAX.
+ This test is simple but slightly conservative: e.g.,
+ (INT_MAX - INT_MAX % 10) is reported as an overflow
+ even when it's not. */
+ if (n >= min (INT_MAX, SIZE_MAX) / 10)
error ("Format width or precision too large");
n = n * 10 + fmt[1] - '0';
*string++ = *++fmt;
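Review bot: The new bound in "if (n >= min (INT_MAX, SIZE_MAX) / 10)" prevents wraparound in "n = n * 10 + fmt[1] - '0'", but it still accepts any width or precision up to nearly INT_MAX, far more than a caller-supplied BUFFER is likely to hold. The code that consumes n is not in this hunk, so please confirm it sizes or limits its intermediate buffer from n safely, or reject values above a limit tied to what doprnt can actually format. Also, min here mixes a signed int operand with a size_t operand; the result is correct because INT_MAX is positive, but a short remark in the comment would save the next reader from rechecking the conversion.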