(process_string_arg): Don't overflow the stack for large precisions.
authordrepper <drepper>
Tue, 1 May 2007 04:11:26 +0000 (04:11 +0000)
committerdrepper <drepper>
Tue, 1 May 2007 04:11:26 +0000 (04:11 +0000)
stdio-common/vfprintf.c

index 946551f..31bc523 100644 (file)
@@ -1160,19 +1160,25 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
                else                                                          \
                  {                                                           \
                    /* In case we have a multibyte character set the          \
-                      situation is more compilcated.  We must not copy       \
+                      situation is more complicated.  We must not copy       \
                       bytes at the end which form an incomplete character. */\
-                   wchar_t ignore[prec];                                     \
+                   wchar_t ignore[1024];                                     \
                    const char *str2 = string;                                \
-                   mbstate_t ps;                                             \
+                   const char *strend = string + prec;                       \
+                   if (strend < string)                                      \
+                     strend = (const char *) UINTPTR_MAX;                    \
                                                                              \
+                   mbstate_t ps;                                             \
                    memset (&ps, '\0', sizeof (ps));                          \
-                   if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps)         \
-                       == (size_t) -1)                                       \
-                     {                                                       \
-                       done = -1;                                            \
-                       goto all_done;                                        \
-                     }                                                       \
+                                                                             \
+                   while (str2 != NULL && str2 < strend)                     \
+                     if (__mbsnrtowcs (ignore, &str2, strend - str2, 1024,   \
+                                       &ps) == (size_t) -1)                  \
+                       {                                                     \
+                         done = -1;                                          \
+                         goto all_done;                                      \
+                       }                                                     \
+                                                                             \
                    if (str2 == NULL)                                         \
                      len = strlen (string);                                  \
                    else                                                      \