Ensure buffers are large enough for integer values

Issue raised by Sergei Trofimovich <siarheit@google.com>

* src/makeint.h (INTSTR_LENGTH): Update for unsigned values.
* src/function.c (func_lastword): Use INTSTR_LENGTH as buffer size.
(shell_function_completed): Ditto.
(func_call): Ditto.
* src/remote-cstms.c (start_remote_job): Ditto.
This commit is contained in:
Paul Smith 2022-02-21 09:29:41 -05:00
parent ec09ec775a
commit 8b3e678ace
3 changed files with 9 additions and 8 deletions

View file

@ -738,14 +738,14 @@ func_lastword (char *o, char **argv, const char *funcname UNUSED)
static char *
func_words (char *o, char **argv, const char *funcname UNUSED)
{
int i = 0;
unsigned int i = 0;
const char *word_iterator = argv[0];
char buf[20];
char buf[INTSTR_LENGTH];
while (find_next_token (&word_iterator, NULL) != 0)
++i;
sprintf (buf, "%d", i);
sprintf (buf, "%u", i);
o = variable_buffer_output (o, buf, strlen (buf));
return o;
@ -1615,7 +1615,7 @@ static int shell_function_completed;
void
shell_completed (int exit_code, int exit_sig)
{
char buf[256];
char buf[INTSTR_LENGTH];
shell_function_pid = 0;
if (exit_sig == 0 && exit_code == 127)
@ -2763,7 +2763,7 @@ func_call (char *o, char **argv, const char *funcname UNUSED)
for (i=0; *argv; ++i, ++argv)
{
char num[11];
char num[INTSTR_LENGTH];
sprintf (num, "%d", i);
define_variable (num, strlen (num), *argv, o_automatic, 0);
@ -2776,7 +2776,7 @@ func_call (char *o, char **argv, const char *funcname UNUSED)
for (; i < max_args; ++i)
{
char num[11];
char num[INTSTR_LENGTH];
sprintf (num, "%d", i);
define_variable (num, strlen (num), "", o_automatic, 0);

View file

@ -491,7 +491,7 @@ extern struct rlimit stack_limit;
integers as a string.
Does NOT include space for \0 so be sure to add it if needed.
Math suggested by Edward Welbourne <edward.welbourne@qt.io> */
#define INTSTR_LENGTH (53 * sizeof(uintmax_t) / 22 + 2)
#define INTSTR_LENGTH (53 * sizeof(uintmax_t) / 22 + 3)
#define DEFAULT_TTYNAME "true"
#ifdef HAVE_TTYNAME

View file

@ -232,7 +232,8 @@ start_remote_job (char **argv, char **envp, int stdin_fd,
else if (pid == 0)
{
/* Child side. Run 'export' to handle the connection. */
static char sock_buf[20], retsock_buf[20], id_buf[20];
static char sock_buf[INTSTR_LENGTH], retsock_buf[INTSTR_LENGTH];
static char id_buf[INTSTR_LENGTH];
static char *new_argv[6] =
{ EXPORT_COMMAND, "-id", sock_buf, retsock_buf, id_buf, 0 };