Sun Oct 11 01:01:46 2015 UTC ()
Get rid of the sprintf() bogus macro and use lengths explicitly when buffers
are involved.
(christos)
diff -r1.5 -r1.6 src/external/mit/lua/dist/src/lobject.c
diff -r1.9 -r1.10 src/external/mit/lua/dist/src/lstrlib.c
diff -r1.4 -r1.5 src/external/mit/lua/dist/src/luac.c
diff -r1.14 -r1.15 src/external/mit/lua/dist/src/luaconf.h
--- src/external/mit/lua/dist/src/lobject.c 2015/10/08 13:21:00 1.5
+++ src/external/mit/lua/dist/src/lobject.c 2015/10/11 01:01:45 1.6
@@ -1,4 +1,4 @@
-/* $NetBSD: lobject.c,v 1.5 2015/10/08 13:21:00 mbalmer Exp $ */
+/* $NetBSD: lobject.c,v 1.6 2015/10/11 01:01:45 christos Exp $ */
/*
** Id: lobject.c,v 2.104 2015/04/11 18:30:08 roberto Exp
@@ -358,9 +358,9 @@
lua_assert(ttisnumber(obj));
#ifndef _KERNEL
if (ttisinteger(obj))
- len = lua_integer2str(buff, ivalue(obj));
+ len = lua_integer2str(buff, sizeof(buff), ivalue(obj));
else {
- len = lua_number2str(buff, fltvalue(obj));
+ len = lua_number2str(buff, sizeof(buff), fltvalue(obj));
#if !defined(LUA_COMPAT_FLOATSTRING)
if (buff[strspn(buff, "-0123456789")] == '\0') { /* looks like an int? */
buff[len++] = lua_getlocaledecpoint();
@@ -424,7 +424,7 @@
#endif
case 'p': {
char buff[4*sizeof(void *) + 8]; /* should be enough space for a '%p' */
- int l = sprintf(buff, "%p", va_arg(argp, void *));
+ int l = snprintf(buff, sizeof(buff), "%p", va_arg(argp, void *));
pushstr(L, buff, l);
break;
}
--- src/external/mit/lua/dist/src/lstrlib.c 2015/10/08 13:40:16 1.9
+++ src/external/mit/lua/dist/src/lstrlib.c 2015/10/11 01:01:45 1.10
@@ -1,4 +1,4 @@
-/* $NetBSD: lstrlib.c,v 1.9 2015/10/08 13:40:16 mbalmer Exp $ */
+/* $NetBSD: lstrlib.c,v 1.10 2015/10/11 01:01:45 christos Exp $ */
/*
** Id: lstrlib.c,v 1.229 2015/05/20 17:39:23 roberto Exp
@@ -834,12 +834,12 @@
}
-static int num2straux (char *buff, lua_Number x) {
+static int num2straux (char *buff, size_t len, lua_Number x) {
if (x != x || x == HUGE_VAL || x == -HUGE_VAL) /* inf or NaN? */
- return sprintf(buff, LUA_NUMBER_FMT, x); /* equal to '%g' */
+ return snprintf(buff, len, LUA_NUMBER_FMT, x); /* equal to '%g' */
else if (x == 0) { /* can be -0... */
- sprintf(buff, LUA_NUMBER_FMT, x);
- strcat(buff, "x0p+0"); /* reuses '0/-0' from 'sprintf'... */
+ snprintf(buff, len, LUA_NUMBER_FMT, x);
+ strlcat(buff, "x0p+0", len); /* reuses '0/-0' from 'snprintf'... */
return strlen(buff);
}
else {
@@ -859,7 +859,8 @@
m = adddigit(buff, n++, m * 16);
} while (m > 0);
}
- n += sprintf(buff + n, "p%+d", e); /* add exponent */
+ if (len > (size_t)n)
+ n += snprintf(buff + n, len - n, "p%+d", e); /* add exponent */
return n;
}
}
@@ -913,9 +914,9 @@
else if (*s == '\0' || iscntrl(uchar(*s))) {
char buff[10];
if (!isdigit(uchar(*(s+1))))
- sprintf(buff, "\\%d", (int)uchar(*s));
+ snprintf(buff, sizeof(buff), "\\%d", (int)uchar(*s));
else
- sprintf(buff, "\\%03d", (int)uchar(*s));
+ snprintf(buff, sizeof(buff), "\\%03d", (int)uchar(*s));
luaL_addstring(b, buff);
}
else
@@ -982,25 +983,25 @@
strfrmt = scanformat(L, strfrmt, form);
switch (*strfrmt++) {
case 'c': {
- nb = sprintf(buff, form, (int)luaL_checkinteger(L, arg));
+ nb = snprintf(buff, MAX_ITEM, form, (int)luaL_checkinteger(L, arg));
break;
}
case 'd': case 'i':
case 'o': case 'u': case 'x': case 'X': {
lua_Integer n = luaL_checkinteger(L, arg);
addlenmod(form, LUA_INTEGER_FRMLEN);
- nb = sprintf(buff, form, n);
+ nb = snprintf(buff, MAX_ITEM, form, n);
break;
}
#ifndef _KERNEL
case 'a': case 'A':
addlenmod(form, LUA_NUMBER_FRMLEN);
- nb = lua_number2strx(L, buff, form, luaL_checknumber(L, arg));
+ nb = lua_number2strx(L, buff, MAX_ITEM, form, luaL_checknumber(L, arg));
break;
case 'e': case 'E': case 'f':
case 'g': case 'G': {
addlenmod(form, LUA_NUMBER_FRMLEN);
- nb = sprintf(buff, form, luaL_checknumber(L, arg));
+ nb = snprintf(buff, MAX_ITEM, form, luaL_checknumber(L, arg));
break;
}
#endif
@@ -1017,7 +1018,7 @@
luaL_addvalue(&b);
}
else {
- nb = sprintf(buff, form, s);
+ nb = snprintf(buff, MAX_ITEM, form, s);
lua_pop(L, 1); /* remove result from 'luaL_tolstring' */
}
break;
--- src/external/mit/lua/dist/src/luac.c 2015/10/08 13:21:00 1.4
+++ src/external/mit/lua/dist/src/luac.c 2015/10/11 01:01:45 1.5
@@ -1,4 +1,4 @@
-/* $NetBSD: luac.c,v 1.4 2015/10/08 13:21:00 mbalmer Exp $ */
+/* $NetBSD: luac.c,v 1.5 2015/10/11 01:01:45 christos Exp $ */
/*
** Id: luac.c,v 1.75 2015/03/12 01:58:27 lhf Exp
@@ -267,7 +267,7 @@
case LUA_TNUMFLT:
{
char buff[100];
- sprintf(buff,LUA_NUMBER_FMT,fltvalue(o));
+ snprintf(buff, sizeof(buff), LUA_NUMBER_FMT,fltvalue(o));
printf("%s",buff);
if (buff[strspn(buff,"-0123456789")]=='\0') printf(".0");
break;
--- src/external/mit/lua/dist/src/luaconf.h 2015/10/08 13:21:00 1.14
+++ src/external/mit/lua/dist/src/luaconf.h 2015/10/11 01:01:45 1.15
@@ -1,4 +1,4 @@
-/* $NetBSD: luaconf.h,v 1.14 2015/10/08 13:21:00 mbalmer Exp $ */
+/* $NetBSD: luaconf.h,v 1.15 2015/10/11 01:01:45 christos Exp $ */
/*
** Id: luaconf.h,v 1.251 2015/05/20 17:39:23 roberto Exp
@@ -478,7 +478,7 @@
#define l_floor(x) (l_mathop(floor)(x))
-#define lua_number2str(s,n) sprintf((s), LUA_NUMBER_FMT, (n))
+#define lua_number2str(s,l, n) snprintf((s), (l), LUA_NUMBER_FMT, (n))
/*
@@ -515,7 +515,7 @@
/* The following definitions are good for most cases here */
#define LUA_INTEGER_FMT "%" LUA_INTEGER_FRMLEN "d"
-#define lua_integer2str(s,n) sprintf((s), LUA_INTEGER_FMT, (n))
+#define lua_integer2str(s,l,n) snprintf((s), (l), LUA_INTEGER_FMT, (n))
#define LUAI_UACINT LUA_INTEGER
@@ -599,12 +599,12 @@
/*
@@ lua_number2strx converts a float to an hexadecimal numeric string.
-** In C99, 'sprintf' (with format specifiers '%a'/'%A') does that.
+** In C99, 'snprintf' (with format specifiers '%a'/'%A') does that.
** Otherwise, you can leave 'lua_number2strx' undefined and Lua will
** provide its own implementation.
*/
#if !defined(LUA_USE_C89)
-#define lua_number2strx(L,b,f,n) sprintf(b,f,n)
+#define lua_number2strx(L,b,l,f,n) snprintf(b,l,f,n)
#endif
@@ -801,8 +801,6 @@
/* stdio.h */
#define lua_writestring(s,l) printf("%s", (s))
#define lua_writeline() printf("\n")
-
-#define sprintf(s,fmt,...) snprintf(s, sizeof(s), fmt, __VA_ARGS__)
/* string.h */
#define strcoll strcmp