author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-02-17 22:13:35 +0100 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-02-17 22:13:35 +0100 |
commit | 03feba8cc1a68da8882bfc90d182365308a00743 (patch) | |
tree | 7abec9fa0987ffd70ae30dffb7496d34d1d32241 /sys/src/cmd/7c | |
parent | fdeea811b7f309e1bd542a0a23fd382e332b2c2e (diff) |
[125678kqv][cl]: fix sprint() and strcpy() buffer overflows
Diffstat (limited to 'sys/src/cmd/7c')
-rw-r--r-- | sys/src/cmd/7c/list.c | 64 |
1 files changed, 31 insertions, 33 deletions
diff --git a/sys/src/cmd/7c/list.c b/sys/src/cmd/7c/list.c
index 465f5d0ca..c2ebdbf1f 100644
--- a/sys/src/cmd/7c/list.c
+++ b/sys/src/cmd/7c/list.c
@@ -20,20 +20,18 @@ Bconv(Fmt *fp)
 Bits bits;
 int i;
- str[0] = 0;
+ memset(str, 0, sizeof str);
 bits = va_arg(fp->args, Bits);
 while(bany(&bits)) {
 i = bnum(bits);
 if(str[0])
- strcat(str, " ");
+ strncat(str, " ", sizeof str - 1);
 if(var[i].sym == S) {
- sprint(ss, "$%lld", var[i].offset);
+ snprint(ss, sizeof ss, "$%lld", var[i].offset);
 s = ss;
 } else
 s = var[i].sym->name;
- if(strlen(str) + strlen(s) + 1 >= STRINGSZ)
- break;
- strcat(str, s);
+ strncat(str, s, sizeof str - 1);
 bits.b[i/32] &= ~(1L << (i%32));
 }
 return fmtstrcpy(fp, str);
@@ -49,18 +47,18 @@ Pconv(Fmt *fp)
 p = va_arg(fp->args, Prog*);
 a = p->as;
 if(a == ADATA)
- sprint(str, " %A %D/%d,%D", a, &p->from, p->reg, &p->to);
+ snprint(str, sizeof str, " %A %D/%d,%D", a, &p->from, p->reg, &p->to);
 else if(p->as == ATEXT)
- sprint(str, " %A %D,%d,%D", a, &p->from, p->reg, &p->to);
+ snprint(str, sizeof str, " %A %D,%d,%D", a, &p->from, p->reg, &p->to);
 else if(p->reg == NREG)
- sprint(str, " %A %D,%D", a, &p->from, &p->to);
+ snprint(str, sizeof str, " %A %D,%D", a, &p->from, &p->to);
 else if(p->from.type != D_FREG)
- sprint(str, " %A %D,R%d,%D", a, &p->from, p->reg, &p->to);
+ snprint(str, sizeof str, " %A %D,R%d,%D", a, &p->from, p->reg, &p->to);
 else
- sprint(str, " %A %D,F%d,%D", a, &p->from, p->reg, &p->to);
+ snprint(str, sizeof str, " %A %D,F%d,%D", a, &p->from, p->reg, &p->to);
 return fmtstrcpy(fp, str);
 }
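Review bot: In Bconv both new `strncat` calls pass `sizeof str - 1` as the count, but strncat's third argument limits how many bytes are appended, not the total size of the destination, so once `str` already holds text the call can still write past the end of the array. The commit also removes the old `strlen(str) + strlen(s) + 1 >= STRINGSZ` guard that stopped the loop, which leaves these calls as the only bound. Compute the remaining room on every call, e.g. `strncat(str, s, sizeof str - strlen(str) - 1);` and the same for the `" "` separator; with that the `memset` is no longer needed for termination. The declarations of `str` and `ss` are outside the hunk, so their sizes are inferred from the removed STRINGSZ check.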
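Review bot: The `snprint` calls in Pconv, and the same pattern in the Dconv and Nconv hunks, discard the return value, so an operand that does not fit in `str` is now cut short with no sign of it in the listing; Nconv's `%s` of `s->name` is presumably the case most likely to reach the limit. `sizeof str` is also the right bound only while `str` is a local array, and its declaration is outside each of these hunks. A comment at each declaration such as `/* must stay an array: snprint below uses sizeof str; long operands are truncated */` would record both assumptions.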
@@ -87,57 +85,57 @@ Dconv(Fmt *fp)
 switch(a->type) {
 default:
- sprint(str, "GOK-type(%d)", a->type);
+ snprint(str, sizeof str, "GOK-type(%d)", a->type);
 break;
 case D_NONE:
 str[0] = 0;
 if(a->name != D_NONE || a->reg != NREG || a->sym != S)
- sprint(str, "%N(R%d)(NONE)", a, a->reg);
+ snprint(str, sizeof str, "%N(R%d)(NONE)", a, a->reg);
 break;
 case D_CONST:
 if(a->reg != NREG)
- sprint(str, "$%N(R%d)", a, a->reg);
+ snprint(str, sizeof str, "$%N(R%d)", a, a->reg);
 else
- sprint(str, "$%N", a);
+ snprint(str, sizeof str, "$%N", a);
 break;
 case D_OREG:
 if(a->reg != NREG)
- sprint(str, "%N(R%d)", a, a->reg);
+ snprint(str, sizeof str, "%N(R%d)", a, a->reg);
 else
- sprint(str, "%N", a);
+ snprint(str, sizeof str, "%N", a);
 break;
 case D_REG:
- sprint(str, "R%d", a->reg);
+ snprint(str, sizeof str, "R%d", a->reg);
 if(a->name != D_NONE || a->sym != S)
- sprint(str, "%N(R%d)(REG)", a, a->reg);
+ snprint(str, sizeof str, "%N(R%d)(REG)", a, a->reg);
 break;
 case D_FREG:
- sprint(str, "F%d", a->reg);
+ snprint(str, sizeof str, "F%d", a->reg);
 if(a->name != D_NONE || a->sym != S)
- sprint(str, "%N(R%d)(REG)", a, a->reg);
+ snprint(str, sizeof str, "%N(R%d)(REG)", a, a->reg);
 break;
 case D_FCREG:
- sprint(str, "FPCR");
+ snprint(str, sizeof str, "FPCR");
 if(a->reg != 0 || a->name != D_NONE || a->sym != S)
- sprint(str, "%N(FPCR%d)(REG)", a, a->reg);
+ snprint(str, sizeof str, "%N(FPCR%d)(REG)", a, a->reg);
 break;
 case D_BRANCH:
- sprint(str, "%lld(PC)", a->offset-pc);
+ snprint(str, sizeof str, "%lld(PC)", a->offset-pc);
 break;
 case D_FCONST:
- sprint(str, "$%.17e", a->dval);
+ snprint(str, sizeof str, "$%.17e", a->dval);
 break;
 case D_SCONST:
- sprint(str, "$\"%S\"", a->sval);
+ snprint(str, sizeof str, "$\"%S\"", a->sval);
 break;
 }
 return fmtstrcpy(fp, str);
@@ -200,32 +198,32 @@ Nconv(Fmt *fp)
 a = va_arg(fp->args, Adr*);
 s = a->sym;
 if(s == S) {
- sprint(str, "%lld", a->offset);
+ snprint(str, sizeof str, "%lld", a->offset);
 goto out;
 }
 switch(a->name) {
 default:
- sprint(str, "GOK-name(%d)", a->name);
+ snprint(str, sizeof str, "GOK-name(%d)", a->name);
 break;
 case D_NONE:
- sprint(str, "%lld", a->offset);
+ snprint(str, sizeof str, "%lld", a->offset);
 break;
 case D_EXTERN:
- sprint(str, "%s+%lld(SB)", s->name, a->offset);
+ snprint(str, sizeof str, "%s+%lld(SB)", s->name, a->offset);
 break;
 case D_STATIC:
- sprint(str, "%s<>+%lld(SB)", s->name, a->offset);
+ snprint(str, sizeof str, "%s<>+%lld(SB)", s->name, a->offset);
 break;
 case D_AUTO:
- sprint(str, "%s-%lld(SP)", s->name, -a->offset);
+ snprint(str, sizeof str, "%s-%lld(SP)", s->name, -a->offset);
 break;
 case D_PARAM:
- sprint(str, "%s+%lld(FP)", s->name, a->offset);
+ snprint(str, sizeof str, "%s+%lld(FP)", s->name, a->offset);
 break;
 }
 out: |