[Gmp-commit] /var/hg/gmp: 2 new changesets

mercurial at gmplib.org mercurial at gmplib.org
Thu Dec 10 05:12:56 UTC 2015 

details:   /var/hg/gmp/rev/e959cba3b5a5
changeset: 16987:e959cba3b5a5
user:      Marco Bodrato <bodrato at mail.dm.unipi.it>
date:      Thu Dec 10 06:11:04 2015 +0100
description:
tests/misc/t-printf.c: Test a sequence of '%'.

details:   /var/hg/gmp/rev/89f8e0980aef
changeset: 16988:89f8e0980aef
user:      Marco Bodrato <bodrato at mail.dm.unipi.it>
date:      Thu Dec 10 06:12:51 2015 +0100
description:
printf/doprnt.c: Avoid buffer overrun with long long limbs.

diffstat:

 printf/doprnt.c       |   6 +++---
 tests/misc/t-printf.c |  11 ++++++++++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diffs (57 lines):

diff -r 206dc0a1fc8c -r 89f8e0980aef printf/doprnt.c
--- a/printf/doprnt.c	Sun Dec 06 00:59:50 2015 +0100
+++ b/printf/doprnt.c	Thu Dec 10 06:12:51 2015 +0100
@@ -160,7 +160,7 @@
 	      const char *orig_fmt, va_list orig_ap)
 {
   va_list  ap, this_ap, last_ap;
-  size_t   alloc_fmt_size;
+  size_t   alloc_fmt_size, orig_fmt_size;
   char     *fmt, *alloc_fmt, *last_fmt, *this_fmt, *gmp_str;
   int      retval = 0;
   int      type, fchar, *value, seen_precision;
@@ -180,7 +180,7 @@
      piece can be null-terminated.  We're not going to be very fast here, so
      use __gmp_allocate_func rather than TMP_ALLOC, to avoid overflowing the
      stack if a long output string is given.  */
-  alloc_fmt_size = strlen (orig_fmt) + 1;
+  alloc_fmt_size = orig_fmt_size = strlen (orig_fmt) + 1;
 #if _LONG_LONG_LIMB
   /* for a long long limb we change %Mx to %llx, so could need an extra 1
      char for every 3 existing */
@@ -188,7 +188,7 @@
 #endif
   alloc_fmt = __GMP_ALLOCATE_FUNC_TYPE (alloc_fmt_size, char);
   fmt = alloc_fmt;
-  memcpy (fmt, orig_fmt, alloc_fmt_size);
+  memcpy (fmt, orig_fmt, orig_fmt_size);
 
   /* last_fmt and last_ap are just after the last output, and hence where
      the next output will begin, when that's done */
diff -r 206dc0a1fc8c -r 89f8e0980aef tests/misc/t-printf.c
--- a/tests/misc/t-printf.c	Sun Dec 06 00:59:50 2015 +0100
+++ b/tests/misc/t-printf.c	Thu Dec 10 06:12:51 2015 +0100
@@ -1,6 +1,6 @@
 /* Test gmp_printf and related functions.
 
-Copyright 2001-2003 Free Software Foundation, Inc.
+Copyright 2001-2003, 2015 Free Software Foundation, Inc.
 
 This file is part of the GNU MP Library test suite.
 
@@ -873,6 +873,15 @@
     memset (xs, 'x', sizeof(xs)-1);
     check_one (xs, "%s", xs);
   }
+  {
+    char  *xs;
+    xs = (char *) (*__gmp_allocate_func) (MAX_OUTPUT * 2 - 12);
+    memset (xs, '%', MAX_OUTPUT * 2 - 14);
+    xs [MAX_OUTPUT * 2 - 13] = '\0';
+    xs [MAX_OUTPUT * 2 - 14] = 'x';
+    check_one (xs + MAX_OUTPUT - 7, xs, NULL);
+    (*__gmp_free_func) (xs, MAX_OUTPUT * 2 - 12);
+  }
 
   mpz_set_ui (z, 12345L);
   check_one ("     12345", "%*Zd", 10, z);

More information about the gmp-commit mailing list