diff options
| author | Gustavo André dos Santos Lopes <cataphract@php.net> | 2011-02-21 06:53:24 +0000 |
|---|---|---|
| committer | Gustavo André dos Santos Lopes <cataphract@php.net> | 2011-02-21 06:53:24 +0000 |
| commit | 1b2d14c5e10cc024f97a257a00fbefdb3a906501 (patch) | |
| tree | b298697999baa765356e765faff4701fcbbb95e0 /main/snprintf.c | |
| parent | 54a7e5d7c37d11cf186cb8b9107c88b1b5e08d5d (diff) | |
| download | php-git-1b2d14c5e10cc024f97a257a00fbefdb3a906501.tar.gz | |
- Fixed bug #54055 (buffer overrun with high values for precision ini
setting).
#This fix (for g/G/k/H modes) is done at a different level than that for the
#modes e/E/f/F, at a bit higher level and therefore with less coverage. I
#chose this because it addresses the problem where it is -- the calling function
#that passes a buffer too small to php_gcvt.
Diffstat (limited to 'main/snprintf.c')
| -rw-r--r-- | main/snprintf.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/main/snprintf.c b/main/snprintf.c index a1e0b0aee7..30456dd437 100644 --- a/main/snprintf.c +++ b/main/snprintf.c @@ -677,10 +677,6 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) / /* * Check if a precision was specified - * - * XXX: an unreasonable amount of precision may be specified - * resulting in overflow of num_buf. Currently we - * ignore this possibility. */ if (*fmt == '.') { adjust_precision = YES; @@ -694,6 +690,10 @@ static int format_converter(register buffy * odp, const char *fmt, va_list ap) / precision = 0; } else precision = 0; + + if (precision > FORMAT_CONV_MAX_PRECISION) { + precision = FORMAT_CONV_MAX_PRECISION; + } } else adjust_precision = NO; } else |