d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If we ignore an unknown % sequence, we must stop interpreting the

Browse Source 
remaining % arguments because the varargs are now out of sync and
there is a risk that we might for instance dereference an integer
in a %s argument.

Sponsored by: Napatech.com
This commit is contained in:
phk 2005-09-03 10:28:08 +00:00
parent bba97f4018
commit 40bead9126
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/kern/subr_prf.c
View File

@ -500,7 +500,7 @@ kvprintf(char const *fmt, void (*func)(int, void*), void *arg, int radix, va_lis
int cflag, hflag, jflag, tflag, zflag;
int dwidth;
char padc;
int retval = 0;
int stop = 0, retval = 0;
num = 0;
if (!func)
@ -517,7 +517,7 @@ kvprintf(char const *fmt, void (*func)(int, void*), void *arg, int radix, va_lis
for (;;) {
padc = ' ';
width = 0;
while ((ch = (u_char)*fmt++) != '%') {
while ((ch = (u_char)*fmt++) != '%' || stop) {
if (ch == '\0')
return (retval);
PCHAR(ch);
@ -780,6 +780,13 @@ number:
default:
while (percent < fmt)
PCHAR(*percent++);
/*
* Since we ignore an formatting argument it is no
* longer safe to obey the remaining formatting
* arguments as the arguments will no longer match
* the format specs.
*/
stop = 1;
break;
}
}