author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-02-17 22:13:35 +0100 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-02-17 22:13:35 +0100 |
commit | 03feba8cc1a68da8882bfc90d182365308a00743 (patch) | |
tree | 7abec9fa0987ffd70ae30dffb7496d34d1d32241 /sys/src/cmd/6c | |
parent | fdeea811b7f309e1bd542a0a23fd382e332b2c2e (diff) |
[125678kqv][cl]: fix sprint() and strcpy() buffer overflows
Diffstat (limited to 'sys/src/cmd/6c')
-rw-r--r-- | sys/src/cmd/6c/list.c | 56 |
1 files changed, 25 insertions, 31 deletions
diff --git a/sys/src/cmd/6c/list.c b/sys/src/cmd/6c/list.c
index 73efdf139..08b926754 100644
--- a/sys/src/cmd/6c/list.c
+++ b/sys/src/cmd/6c/list.c
@@ -20,20 +20,17 @@ Bconv(Fmt *fp)
 Bits bits;
 int i;
- str[0] = 0;
 bits = va_arg(fp->args, Bits);
 while(bany(&bits)) {
 i = bnum(bits);
 if(str[0])
- strcat(str, " ");
+ strncat(str, " ", sizeof str - 1);
 if(var[i].sym == S) {
- sprint(ss, "$%lld", var[i].offset);
+ snprint(ss, sizeof ss, "$%lld", var[i].offset);
 s = ss;
 } else
 s = var[i].sym->name;
- if(strlen(str) + strlen(s) + 1 >= STRINGSZ)
- break;
- strcat(str, s);
+ strncat(str, s, sizeof str - 1);
 bits.b[i/32] &= ~(1L << (i%32));
 }
 return fmtstrcpy(fp, str);
@@ -47,13 +44,13 @@ Pconv(Fmt *fp)
 p = va_arg(fp->args, Prog*);
 if(p->as == ADATA)
- sprint(str, " %A %D/%d,%D",
+ snprint(str, sizeof str, " %A %D/%d,%D",
 p->as, &p->from, p->from.scale, &p->to);
 else if(p->as == ATEXT)
- sprint(str, " %A %D,%d,%D",
+ snprint(str, sizeof str, " %A %D,%d,%D",
 p->as, &p->from, p->from.scale, &p->to);
 else
- sprint(str, " %A %D,%D",
+ snprint(str, sizeof str, " %A %D,%D",
 p->as, &p->from, &p->to);
 return fmtstrcpy(fp, str);
 }
@@ -70,7 +67,7 @@ Aconv(Fmt *fp)
 int
 Dconv(Fmt *fp)
 {
- char str[40], s[20];
+ char str[40];
 Adr *a;
 int i;
@@ -78,18 +75,18 @@ Dconv(Fmt *fp)
 i = a->type;
 if(i >= D_INDIR) {
 if(a->offset)
- sprint(str, "%lld(%R)", a->offset, i-D_INDIR);
+ snprint(str, sizeof str, "%lld(%R)", a->offset, i-D_INDIR);
 else
- sprint(str, "(%R)", i-D_INDIR);
+ snprint(str, sizeof str, "(%R)", i-D_INDIR);
 goto brk;
 }
 switch(i) {
 default:
 if(a->offset)
- sprint(str, "$%lld,%R", a->offset, i);
+ snprint(str, sizeof str, "$%lld,%R", a->offset, i);
 else
- sprint(str, "%R", i);
+ snprint(str, sizeof str, "%R", i);
 break;
 case D_NONE:
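Review bot: In Bconv the two new `strncat(str, ..., sizeof str - 1)` calls do not bound the write, because strncat's count limits how many bytes are appended from the source, not the total length of `str`; once `str` already holds text, an append can still run past its end. The commit also drops the old `strlen(str) + strlen(s) + 1 >= STRINGSZ` guard, which did bound the total, so this path has less protection than before. The count should be the space left, e.g. `strncat(str, s, sizeof str - strlen(str) - 1);`, and likewise for the `" "` separator. Separately, `str[0] = 0;` is removed with no replacement visible in the hunk; the declaration of `str` lies above the hunk, so unless it gained an initializer there, `if(str[0])` and the first strncat read an uninitialized buffer, and `str[0] = 0;` should stay.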
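Review bot: The snprint calls in Pconv still format into a fixed local `str` and then copy it out with `fmtstrcpy`, so a result longer than the buffer is now cut off silently instead of overflowing; the buffer's declaration is outside the hunk, so its size cannot be checked here. The same pattern recurs in the Dconv hunks, where `char str[40]` receives `a->sym->name`, and in Rconv. Formatting straight into `fp`, as this commit already does at Dconv's `brk:` label, removes the intermediate buffer and the truncation: `return fmtprint(fp, " %A %D,%D", p->as, &p->from, &p->to);`. If the buffers stay, a short comment saying that listing output may be truncated to the buffer size would help the next reader.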
@@ -97,54 +94,51 @@ Dconv(Fmt *fp)
 break;
 case D_BRANCH:
- sprint(str, "%lld(PC)", a->offset-pc);
+ snprint(str, sizeof str, "%lld(PC)", a->offset-pc);
 break;
 case D_EXTERN:
- sprint(str, "%s+%lld(SB)", a->sym->name, a->offset);
+ snprint(str, sizeof str, "%s+%lld(SB)", a->sym->name, a->offset);
 break;
 case D_STATIC:
- sprint(str, "%s<>+%lld(SB)", a->sym->name,
- a->offset);
+ snprint(str, sizeof str, "%s<>+%lld(SB)", a->sym->name, a->offset);
 break;
 case D_AUTO:
- sprint(str, "%s+%lld(SP)", a->sym->name, a->offset);
+ snprint(str, sizeof str, "%s+%lld(SP)", a->sym->name, a->offset);
 break;
 case D_PARAM:
 if(a->sym)
- sprint(str, "%s+%lld(FP)", a->sym->name, a->offset);
+ snprint(str, sizeof str, "%s+%lld(FP)", a->sym->name, a->offset);
 else
- sprint(str, "%lld(FP)", a->offset);
+ snprint(str, sizeof str, "%lld(FP)", a->offset);
 break;
 case D_CONST:
- sprint(str, "$%lld", a->offset);
+ snprint(str, sizeof str, "$%lld", a->offset);
 break;
 case D_FCONST:
- sprint(str, "$(%.17e)", a->dval);
+ snprint(str, sizeof str, "$(%.17e)", a->dval);
 break;
 case D_SCONST:
- sprint(str, "$\"%S\"", a->sval);
+ snprint(str, sizeof str, "$\"%S\"", a->sval);
 break;
 case D_ADDR:
 a->type = a->index;
 a->index = D_NONE;
- sprint(str, "$%D", a);
+ snprint(str, sizeof str, "$%D", a);
 a->index = a->type;
 a->type = D_ADDR;
 goto conv;
 }
 brk:
- if(a->index != D_NONE) {
- sprint(s, "(%R*%d)", (int)a->index, (int)a->scale);
- strcat(str, s);
- }
+ if(a->index != D_NONE)
+ return fmtprint(fp, "%s(%R*%d)", str, (int)a->index, (int)a->scale);
 conv:
 return fmtstrcpy(fp, str);
 }
@@ -284,9 +278,9 @@ Rconv(Fmt *fp)
 r = va_arg(fp->args, int);
 if(r >= D_AL && r <= D_NONE)
- sprint(str, "%s", regstr[r-D_AL]);
+ snprint(str, sizeof str, "%s", regstr[r-D_AL]);
 else
- sprint(str, "gok(%d)", r);
+ snprint(str, sizeof str, "gok(%d)", r);
 return fmtstrcpy(fp, str);
 } |