MFC revisions 1.35-1.37.

Correct handling of format strings with escaped % specifications. Prevent buffer overflow when forcibly terminating an escape character.
2006-12-26 20:09:40 +00:00 · 2006-12-26 20:09:40 +00:00 · 60f4db4b7e
commit 60f4db4b7e
parent d37cf126fc
1 changed files with 9 additions and 3 deletions
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@ -393,8 +393,12 @@ getformat(void)
 	if (boring)				/* no need to bother */
 		return;
 	for (p = format; *p; p++)		/* look for '%' */
-		if (*p == '%' && *(p+1) != '%')	/* leave %% alone */
-			break;
+		if (*p == '%') {
+			if (p[1] == '%')
+				p++;		/* leave %% alone */
+			else
+				break;
+		}
 	sz = sizeof(format) - strlen(format) - 1;
 	if (!*p && !chardata) {
 		if (snprintf(p, sz, "%%.%df", prec) >= (int)sz)
@ -477,7 +481,9 @@ fmt_broken:
 			else if (*p == '%' && *(p+1) == '%')
 				p++;
 			else if (*p == '%' && !*(p+1)) {
-				strcat(format, "%");
+				if (strlcat(format, "%", sizeof(format)) >=
+				    sizeof(format))
+					errx(1, "-w word too long");
 				break;
 			}
 	}