
core: new param to give outbut buffer size

- int2strbuf now requires the output buffer size as a parameter
- safer against misuse, suggested by Andrei Pelinescu-Onciul
- if size is less than INT2STR_MAX_LEN, return null pointer
(cherry picked from commit a765213ffa3769577dd7438c95737cb6b98bff74)

Daniel-Constantin Mierla authored on 02/02/2010 14:06:34
Showing 1 changed files
... ...
@@ -294,10 +294,15 @@ static inline char* int2str_base(unsigned int l, int* len, int base)
294 294
 
295 295
 /* print int to asciiz in a string buffer
296 296
  * - be sure result buffer is at least INT2STR_MAX_LEN in size */
297
-static inline char* int2strbuf(unsigned int l, char *r, int* len)
297
+static inline char* int2strbuf(unsigned int l, char *r, int r_size, int* len)
298 298
 {
299 299
 	int i;
300
-	
300
+
301
+	if(unlikely(r_size<INT2STR_MAX_LEN)) {
302
+		if (len)
303
+			*len = 0;
304
+		return 0; /* => if someone misuses it => crash (feature no. 1) */
305
+	}
301 306
 	i=INT2STR_MAX_LEN-2;
302 307
 	r[INT2STR_MAX_LEN-1]=0; /* null terminate */
303 308
 	do{
... ...
@@ -316,7 +321,7 @@ extern char ut_buf_int2str[INT2STR_MAX_LEN];
316 316
 /* returns a pointer to a static buffer containing l in asciiz & sets len */
317 317
 static inline char* int2str(unsigned long l, int* len)
318 318
 {
319
-	return int2strbuf(l, ut_buf_int2str, len);
319
+	return int2strbuf(l, ut_buf_int2str, INT2STR_MAX_LEN, len);
320 320
 }
321 321
 
322 322
 /* Signed INTeger-TO-STRing: convers a long to a string
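Review bot: The new short-buffer path in int2strbuf returns a null pointer with `*len = 0`, and its inline comment counts on misuse crashing, but a caller that only copies `len` bytes from the result would carry on with an empty string rather than fault, so the failure can pass unnoticed. The comment above the function still only tells callers to size the buffer; it should state the new contract, e.g. `* - returns 0 and sets *len to 0 if r_size < INT2STR_MAX_LEN; callers must check the result`. In int2str, passing `sizeof(ut_buf_int2str)` instead of repeating `INT2STR_MAX_LEN` would keep the size argument tied to the actual buffer declaration. The body of int2strbuf continues past the end of the first hunk, so whether `len` is dereferenced unguarded later in the function cannot be confirmed from here.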