From b8a0fd9139fb9ad3f16b20315e576ff7df5eaa86 Mon Sep 17 00:00:00 2001 From: ache Date: Wed, 24 Dec 1997 13:47:13 +0000 Subject: Fix snprintf(...%n...) to pass not more than buffer size to %n agrument, old variant always assume infinite buffer. %n is for actually transmitted characters, not for planned ones. --- lib/libc/stdio/vfprintf.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/stdio/vfprintf.c b/lib/libc/stdio/vfprintf.c index 105d7fe..4abdbc4 100644 --- a/lib/libc/stdio/vfprintf.c +++ b/lib/libc/stdio/vfprintf.c @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)vfprintf.c 8.1 (Berkeley) 6/4/93"; #endif static const char rcsid[] = - "$Id: vfprintf.c,v 1.12 1997/02/22 15:02:40 peter Exp $"; + "$Id: vfprintf.c,v 1.13 1997/12/19 21:59:22 bde Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -643,14 +643,18 @@ fp_begin: if (prec == -1) break; #endif /* FLOATING_POINT */ case 'n': + n = ret; + if ((fp->_flags & __SSTR) && + fp->_bf._size < n) + n = fp->_bf._size; if (flags & QUADINT) - *GETARG(quad_t *) = ret; + *GETARG(quad_t *) = n; else if (flags & LONGINT) - *GETARG(long *) = ret; + *GETARG(long *) = n; else if (flags & SHORTINT) - *GETARG(short *) = ret; + *GETARG(short *) = n; else - *GETARG(int *) = ret; + *GETARG(int *) = n; continue; /* no output */ case 'O': flags |= LONGINT; -- cgit v1.1