Changeset 8526

Timestamp:

Aug 23, 2006, 1:23:13 PM (20 years ago)

Author:

jhoblitt

Message:

fix a buffer overflow in psDBIntToString() by correctly calculating the length of the string and using snprintf instead of sprintf

File:

• trunk/psLib/src/db/psDB.c (modified) (2 diffs)

trunk/psLib/src/db/psDB.c

@@ -12 +12 @@
  *  @author Joshua Hoblitt
  *
- *  @version $Revision: 1.84 $ $Name: not supported by cvs2svn $
- *  @date $Date: 2006-08-22 02:41:22 $
+ *  @version $Revision: 1.85 $ $Name: not supported by cvs2svn $
+ *  @date $Date: 2006-08-23 23:23:13 $
  *
  *  Copyright (C) 2005-2006  Joshua Hoblitt, University of Hawaii
@@ -2125 +2125 @@
 static char *psDBIntToString(psU64 n)
 {
-    // length of string + \0
+    // length of string (log10 + 1) + \0
     // if n is 0, length is 1 char + \0
-    size_t length = n ? (size_t)log10((double)n) + 1
+    size_t length = n ? (size_t)log10((double)n) + 1 + 1
                     : 2;
     char *string = psAlloc(length);
-    sprintf(string, "%li", (long int)n);
+    snprintf(string, length, "%li", (long int)n);
 
     return string;