Fix buffer overrun

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@18644 72102866-910b-0410-8b05-ffd578937521
2025-04-22 16:33:29 +00:00 · 2004-02-24 09:06:14 +00:00 · 2004-02-24 09:06:14 +00:00 · cd863fed81
commit cd863fed81
parent ae3e89e417
2 changed files with 25 additions and 4 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2004-02-24 Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/GSFormat.m: Fix buffer overrun by strlen() when printing
+	c-strings without nul terminators using '%*.*s' format.
+
 2004-02-23  Adam Fedor  <fedor@gnu.org>

 	* Source/NSUser.m (NSHomeDirectoryForUser): Allow whitespace
--- a/Source/GSFormat.m
+++ b/Source/GSFormat.m
@ -1736,12 +1736,28 @@ NSDictionary *locale)
 	    /* This is complicated.  We have to transform the multibyte
 	       string into a unicode string.  */
 	    const char		*str = (const char*)string;
-	    unsigned		slen = strlen(str);
+	    unsigned		slen;
 	    NSStringEncoding	enc = GetDefEncoding();

-	    len = prec != -1 ? (unsigned)prec : slen;
-	    if (len > slen)
-	      len = slen;
+	    if (prec != -1)
+	      {
+		len = (unsigned)prec;
+		/*
+		 * If the actual length is less than the precision,
+		 * we use the actual length.
+		 */
+		for (slen = 0; slen < len; slen++)
+		  {
+		    if (str[slen] == 0)
+		      {
+			len = slen;
+		      }
+		  }
+	      }
+	    else
+	      {
+		len = strlen(str);
+	      }

 	    /* Allocate dynamically an array which definitely is long
 	       enough for the wide character version.  */