ref: f85a7bfa8943a40c196cb4e3778106bcc77e7eb5
parent: 21c1937146f4b5acc6e3a5a695116419f19554ad
author: Hiltjo Posthuma <hiltjo@codemadness.org>
date: Fri Jul 17 17:10:44 EDT 2015
expand: fix %d -> %s format string for char * line, check truncation or error
--- a/cc1/cpp.c
+++ b/cc1/cpp.c
@@ -184,7 +184,7 @@
expand(char *begin, Symbol *sym)
{size_t len;
- int n;
+ int n, r;
char *s = sym->u.s;
char *arglist[NR_MACROARG], arguments[INPUTSIZ], buffer[BUFSIZE];
@@ -194,7 +194,11 @@
goto print_subs;
}
if (sym == symline) {- sprintf(buffer, "%d", input->line);
+ r = snprintf(buffer, sizeof(buffer), "%s", input->line);
+ if(r == -1 || (size_t)r >= sizeof(buffer)) {+ error("expansion of macro \"%s\" is too long", sym->name);+ return 0;
+ }
goto print_subs;
}