authorGustavo André dos Santos Lopes <cataphract@php.net>2011-02-21 06:53:24 +0000
committerGustavo André dos Santos Lopes <cataphract@php.net>2011-02-21 06:53:24 +0000
commit1b2d14c5e10cc024f97a257a00fbefdb3a906501 (patch)
treeb298697999baa765356e765faff4701fcbbb95e0 /main/snprintf.c
parent54a7e5d7c37d11cf186cb8b9107c88b1b5e08d5d (diff)
- Fixed bug #54055 (buffer overrun with high values for precision ini
setting). #This fix (for g/G/k/H modes) is done at a different level than that for the #modes e/E/f/F, at a bit higher level and therefore with less coverage. I #chose this because it addresses the problem where it is -- the calling function #that passes a buffer too small to php_gcvt.
Diffstat (limited to 'main/snprintf.c')
-rw-r--r--main/snprintf.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/main/snprintf.c b/main/snprintf.c
index a1e0b0aee7..30456dd437 100644
--- a/main/snprintf.c
+++ b/main/snprintf.c
@@ -677,10 +677,6 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) /
/*
* Check if a precision was specified
- *
- * XXX: an unreasonable amount of precision may be specified
- * resulting in overflow of num_buf. Currently we
- * ignore this possibility.
*/
if (*fmt == '.') {
adjust_precision = YES;
@@ -694,6 +690,10 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) /
precision = 0;
} else
precision = 0;
+
+ if (precision > FORMAT_CONV_MAX_PRECISION) {
+ precision = FORMAT_CONV_MAX_PRECISION;
+ }
} else
adjust_precision = NO;
} else
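Review bot: The clamp at `if (precision > FORMAT_CONV_MAX_PRECISION)` only prevents the overrun if num_buf (named in the comment the first hunk removes) can hold FORMAT_CONV_MAX_PRECISION digits plus sign, decimal point and exponent, and neither definition is visible in this hunk, so nothing here ties the two together. I would state that invariant beside the clamp, e.g. `/* num_buf must hold FORMAT_CONV_MAX_PRECISION digits plus sign, point and exponent */`, and ideally back it with a compile-time size check where num_buf is declared. The clamp also runs before the conversion character is examined, so it presumably applies to every conversion that accepts a precision, not only g/G/k/H. If string conversions treat precision as a maximum length, their output would now be cut silently at the limit, which is worth confirming. format_converter starts and ends outside the hunk.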