[src/netbsd-1-6]: src/gnu/dist/groff/src/preproc/pic Pull up revision 1.2 (re...

[lukem <lukem%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5ac727f89cd0
branches:  netbsd-1-6
changeset: 529131:5ac727f89cd0
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Oct 02 01:29:36 2002 +0000

description:
Pull up revision 1.2 (requested by wiz in ticket #869):
Change argument handling to be like in groff-1.18, thus avoiding
a possible buffer overflow.

diffstat:

 gnu/dist/groff/src/preproc/pic/pic.y |  28 +++++++---------------------
 1 files changed, 7 insertions(+), 21 deletions(-)

diffs (58 lines):

diff -r 03c894f59946 -r 5ac727f89cd0 gnu/dist/groff/src/preproc/pic/pic.y
--- a/gnu/dist/groff/src/preproc/pic/pic.y      Wed Oct 02 01:19:49 2002 +0000
+++ b/gnu/dist/groff/src/preproc/pic/pic.y      Wed Oct 02 01:29:36 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pic.y,v 1.1.1.1 2001/04/19 12:51:34 wiz Exp $  */
+/*     $NetBSD: pic.y,v 1.1.1.1.2.1 2002/10/02 01:29:36 lukem Exp $    */
 
 /* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc.
      Written by James Clark (jjc%jclark.com@localhost)
@@ -1747,23 +1747,7 @@
 {
   if (form == 0)
     form = "%g";
-  else {
-    // this is a fairly feeble attempt at validation of the format
-    int nspecs = 0;
-    for (const char *p = form; *p != '\0'; p++)
-      if (*p == '%') {
-       if (p[1] == '%')
-         p++;
-       else
-         nspecs++;
-      }
-    if (nspecs > 1) {
-      lex_error("bad format `%1'", form);
-      return strsave(form);
-    }
-  }
-  sprintf(sprintf_buf, form, n);
-  return strsave(sprintf_buf);
+  return do_sprintf(form, &n, 1);
 }
 
 char *do_sprintf(const char *form, const double *v, int nv)
@@ -1785,18 +1769,20 @@
       if (*form == '%') {
        one_format += *form++;
        one_format += '\0';
-       sprintf(sprintf_buf, one_format.contents());
+       snprintf(sprintf_buf, sizeof(sprintf_buf),
+                "%s", one_format.contents());
       }
       else {
        if (i >= nv) {
-         lex_error("too few arguments to sprintf");
+         lex_error("too few arguments to snprintf");
          result += one_format;
          result += form;
          break;
        }
        one_format += *form++;
        one_format += '\0';
-       sprintf(sprintf_buf, one_format.contents(), v[i++]);
+       snprintf(sprintf_buf, sizeof(sprintf_buf),
+                one_format.contents(), v[i++]);
       }
       one_format.clear();
       result += sprintf_buf;