emacs: src/editfns.c comparison

comparison src/editfns.c @ 34566:0370af7597d2

(Fformat): Prevent a buffer overrun when the format specifies a precision.

author	Gerd Moellmann <gerd@gnu.org>
date	Thu, 14 Dec 2000 16:18:54 +0000
parents	3b3a64fbcb05
children	3f17dfb2dac4

comparison

equal deleted inserted replaced

-:5c6c44b995ef
+:0370af7597d2
 n = 0;
 while (format != end)
 if (*format++ == '%')
 {
-	int minlen, thissize = 0;
+	int thissize = 0;
 	unsigned char *this_format_start = format - 1;
+	int field_width, precision;
-	/* Process a numeric arg and skip it.  */
-	minlen = atoi (format);
+	/* General format specifications look like
-	if (minlen < 0)
-	  minlen = - minlen;
+	   '%' [flags] [field-width] [precision] format
-	while ((*format >= '0' && *format <= '9')
+	   where
-	       || *format == '-' || *format == ' ' || *format == '.')
-	  format++;
+	   flags	::= [#-* 0]+
+	   field-width	::= [0-9]+
+	   precision	::= '.' [0-9]*
+	   If a field-width is specified, it specifies to which width
+	   the output should be padded with blanks, iff the output
+	   string is shorter than field-width.
+	   if precision is specified, it specifies the number of
+	   digits to print after the '.' for floats, or the max.
+	   number of chars to print from a string.  */
+	precision = field_width = 0;
+	while (index ("-*# 0", *format))
+	  ++format;
+	if (*format >= '0' && *format <= '9')
+	  {
+	    for (field_width = 0; *format >= '0' && *format <= '9'; ++format)
+	      field_width = 10 * field_width + *format - '0';
+	  }
+	if (*format == '.')
+	  {
+	    ++format;
+	    for (precision = 0; *format >= '0' && *format <= '9'; ++format)
+	      precision = 10 * precision + *format - '0';
+	  }
 	if (format - this_format_start + 1 > longest_format)
 	  longest_format = format - this_format_start + 1;
 	if (format == end)
 	  }
 	else if (FLOATP (args[n]) && *format != 's')
 	  {
 	    if (! (*format == 'e' || *format == 'f' || *format == 'g'))
 	      args[n] = Ftruncate (args[n], Qnil);
-	    thissize = 200;
+	    /* Note that we're using sprintf to print floats,
+	       so we have to take into account what that function
+	       prints.  */
+	    thissize = 200 + precision;
 	  }
 	else
 	  {
 	    /* Anything but a string, convert to a string using princ.  */
 	    register Lisp_Object tem;
 	      }
 	    args[n] = tem;
 	    goto string;
 	  }
-	if (thissize < minlen)
+	thissize = max (field_width, thissize);
-	  thissize = minlen;
 	total += thissize + 4;
 }
 /* Now we can no longer jump to retry.
 TOTAL and LONGEST_FORMAT are known for certain.  */
 	}
 else
 	*p++ = *format++, nchars++;
 }
+if (p > buf + total + 1)
+abort ();
 if (maybe_combine_byte)
 nchars = multibyte_chars_in_text (buf, p - buf);
 val = make_specified_string (buf, nchars, p - buf, multibyte);
 /* If we allocated BUF with malloc, free it too.  */

Mercurial > emacs

comparison src/editfns.c @ 34566:0370af7597d2