From: Nick B. <ni...@sg...> - 2005-06-24 03:51:48
sial_ptr() makes some unsafe assumptions about how much we want to stuff into a string in a printf, e.g.:

    static char *
    sial_ptr(char *fmt, value_t **vals)
    {
        int len=strlen(fmt)+100;
        char *nfmt=sial_alloc(len),*ni=nfmt;
        char *onefmt=sial_alloc(100), *onei=onefmt;
        char *p=fmt;
        char last=' ';
        int curarg=0;

    #define NBYTES (len-(nfmt-ni))

This is mostly fine when dealing with numbers, but if we have strings (e.g. %s), then we can easily hit this.

Attached is a patch which checks for string arguments and dynamically sizes the fmt buffers appropriately. We still add 100 chars to allow for numbers (since there are no hard and fast rules for how big a number will be).

Nick
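
The sizing approach described in the message, as an added example that is not part of the original post, the attached patch, or sial's code: the buffer is sized from the format text, a fixed 100-byte allowance for numbers, and the length of each string argument, and every write is bounded by the space left. The names arg_t, fmt_needed and fmt_expand are hypothetical, and only plain %s, %d and %% are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an interpreter value; not sial's value_t. */
typedef struct { int is_str; const char *s; long n; } arg_t;

#define NUM_SLACK 100 /* fixed allowance for numeric conversions, as in the post */

/* Buffer size for fmt: literal text + numeric slack + length of every %s argument. */
size_t fmt_needed(const char *fmt, const arg_t *args, size_t nargs)
{
    size_t need = strlen(fmt) + NUM_SLACK + 1, cur = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '\0') break;
        if (*p == '%') continue;            /* "%%" consumes no argument */
        if (*p == 's' && cur < nargs && args[cur].is_str)
            need += strlen(args[cur].s);
        cur++;
    }
    return need;
}

/* Expand plain %s, %d and %% only; every write is bounded by the space left. */
char *fmt_expand(const char *fmt, const arg_t *args, size_t nargs)
{
    size_t cap = fmt_needed(fmt, args, nargs), used = 0, cur = 0;
    char *out = malloc(cap);
    if (!out) return NULL;
    out[0] = '\0';
    for (const char *p = fmt; *p && used + 1 < cap; p++) {
        int w;
        if (*p != '%' || p[1] == '\0') { out[used++] = *p; out[used] = '\0'; continue; }
        p++;
        if (*p == '%' || cur >= nargs)      /* literal percent, or no argument left */
            w = snprintf(out + used, cap - used, "%%");
        else if (*p == 's' && args[cur].is_str)
            w = snprintf(out + used, cap - used, "%s", args[cur++].s);
        else
            w = snprintf(out + used, cap - used, "%ld", args[cur++].n);
        if (w < 0 || (size_t)w >= cap - used) break;  /* truncated: stop, stay terminated */
        used += (size_t)w;
    }
    return out;
}
```

A 600-character string argument would not fit in a strlen(fmt)+100 buffer; here it is counted before allocation, and a conversion that still does not fit is truncated instead of written past the end.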