Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/lib/libc/stdlib/strfmon.c,v rcsdiff: /ftp/cvs/cvsroot/src/lib/libc/stdlib/strfmon.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.4.6.1 retrieving revision 1.4.16.1 diff -u -p -r1.4.6.1 -r1.4.16.1 --- src/lib/libc/stdlib/strfmon.c 2008/06/03 20:47:08 1.4.6.1 +++ src/lib/libc/stdlib/strfmon.c 2008/03/24 07:14:45 1.4.16.1 @@ -1,4 +1,4 @@ -/* $NetBSD: strfmon.c,v 1.4.6.1 2008/06/03 20:47:08 skrll Exp $ */ +/* $NetBSD: strfmon.c,v 1.4.16.1 2008/03/24 07:14:45 keiichi Exp $ */ /*- * Copyright (c) 2001 Alexey Zelkin @@ -32,7 +32,7 @@ #if 0 __FBSDID("$FreeBSD: src/lib/libc/stdlib/strfmon.c,v 1.14 2003/03/20 08:18:55 ache Exp $"); #else -__RCSID("$NetBSD: strfmon.c,v 1.4.6.1 2008/06/03 20:47:08 skrll Exp $"); +__RCSID("$NetBSD: strfmon.c,v 1.4.16.1 2008/03/24 07:14:45 keiichi Exp $"); #endif #endif /* LIBC_SCCS and not lint */ @@ -50,7 +50,6 @@ __RCSID("$NetBSD: strfmon.c,v 1.4.6.1 20 #include #include #include -#include /* internal flags */ #define NEED_GROUPING 0x01 /* print digits grouped (default) */ @@ -76,12 +75,15 @@ __RCSID("$NetBSD: strfmon.c,v 1.4.6.1 20 } while (/* CONSTCOND */ 0) #define GET_NUMBER(VAR) do { \ - VAR = 0; \ + int ovar; \ + ovar = VAR = 0; \ while (isdigit((unsigned char)*fmt)) { \ VAR *= 10; \ VAR += *fmt - '0'; \ - if (VAR > 0x00ffffff) \ + if (ovar > VAR) \ goto e2big_error; \ + else \ + ovar = VAR; \ fmt++; \ } \ } while (/* CONSTCOND */ 0) @@ -198,13 +200,11 @@ strfmon(char * __restrict s, size_t maxs /* field Width */ if (isdigit((unsigned char)*fmt)) { - ptrdiff_t d = dst - s; GET_NUMBER(width); /* Do we have enough space to put number with * required width ? */ - - if (d + width >= maxsize) + if (dst + width >= s + maxsize) goto e2big_error; }