author | phk <phk@FreeBSD.org> | 2005-09-03 10:28:08 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2005-09-03 10:28:08 +0000 |
commit | 40bead9126c4546fb34ceaa13c0245e51662c1c8 (patch) | |
tree | 6fa02be7fe948ed4c12f15c5f69eaec6257df428 /sys/kern/subr_prf.c | |
parent | bba97f40180ef885ad2f7244baf5b0f46a5bcc0f (diff) | |
If we ignore an unknown % sequence, we must stop interpreting the
remaining % arguments because the varargs are now out of sync and
there is a risk that we might for instance dereference an integer
in a %s argument.
Sponsored by: Napatech.com
Diffstat (limited to 'sys/kern/subr_prf.c')
-rw-r--r-- | sys/kern/subr_prf.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index 4a133b5..6fa556e 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -500,7 +500,7 @@ kvprintf(char const *fmt, void (*func)(int, void*), void *arg, int radix, va_lis
 int cflag, hflag, jflag, tflag, zflag;
 int dwidth;
 char padc;
- int retval = 0;
+ int stop = 0, retval = 0;
 num = 0;
 if (!func)
@@ -517,7 +517,7 @@ kvprintf(char const *fmt, void (*func)(int, void*), void *arg, int radix, va_lis
 for (;;) {
 padc = ' ';
 width = 0;
- while ((ch = (u_char)*fmt++) != '%') {
+ while ((ch = (u_char)*fmt++) != '%' || stop) {
 if (ch == '\0')
 return (retval);
 PCHAR(ch);
@@ -780,6 +780,13 @@ number:
 default:
 while (percent < fmt)
 PCHAR(*percent++);
+ /*
+ * Since we ignore an formatting argument it is no
+ * longer safe to obey the remaining formatting
+ * arguments as the arguments will no longer match
+ * the format specs.
+ */
+ stop = 1;
 break;
 }
 }
|
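Review bot: The `|| stop` term added to the literal-copy loop in the second hunk has no comment, and its effect is not obvious from the line alone: once `stop` is set, every remaining byte of `fmt`, including `%`, goes to PCHAR until the terminator is seen. I would add `/* after an unknown conversion, emit the rest of fmt verbatim */` above the `while`. A side effect is that a later `%%` is printed as two characters rather than one, which is worth stating in kvprintf's documentation so the degraded output is read as intentional. The body of kvprintf starts and ends outside this hunk.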
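Review bot: After `stop = 1` in the `default:` case of the third hunk, the only exit from the copy loop is its `ch == '\0'` test, so this path is safe only if the character that selected `default:` was not itself the terminator. The switch and its other cases are outside the hunk, so I cannot confirm it, but if a format ending in a bare `%` (or `%` plus flags) reaches this case, `fmt` already points past the NUL and the loop would keep reading beyond the end of the string. A guard such as `if (ch == '\0') return (retval);` before the `break` would close that, assuming `ch` still holds the selecting character at this point. The new comment should also read "a formatting argument" rather than "an formatting argument".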