quote: don't use sprintf()

There is no point in using sprintf(), and it adds the possibility of either bugs due to the output not matching what the byte count loop is expecting, or just cause people to freak out due to the notion that "sprinf is unsafe". Reported-by: Ed Beroset <beroset@mindspring.com> Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2024-12-21 09:19:31 +08:00 · 2009-07-14 14:48:26 -04:00 · 2009-07-14 14:48:26 -04:00 · 466ba97d68
commit 466ba97d68
parent bf0247af7a
1 changed files with 17 additions and 7 deletions
--- a/quote.c
+++ b/quote.c
@ -85,12 +85,15 @@ char *nasm_quote(char *str, size_t len)
 		    break;
 		default:
 		    c1 = (p+1 < ep) ? p[1] : 0;
-		    if (c > 077 || (c1 >= '0' && c1 <= '7'))
-			qlen += 4; /* Must use the full form */
-		    else if (c > 07)
-			qlen += 3;
+		    if (c1 >= '0' && c1 <= '7')
+			c1 = 0377; /* Must use the full form */
 		    else
-			qlen += 2;
+			c1 = c;
+		    if (c1 > 077)
+			qlen++;
+		    if (c1 > 07)
+			qlen++;
+		    qlen += 2;
 		    break;
 		}
 	    } else {
@ -155,9 +158,16 @@ char *nasm_quote(char *str, size_t len)
 		if (c < ' ' || c > '~') {
 		    c1 = (p+1 < ep) ? p[1] : 0;
 		    if (c1 >= '0' && c1 <= '7')
-			q += sprintf(q, "\\%03o", (unsigned char)c);
+			c1 = 0377; /* Must use the full form */
 		    else
-			q += sprintf(q, "\\%o", (unsigned char)c);
+			c1 = c;
+		    *q++ = '\\';
+		    if (c1 > 077)
+			*q++ = (c >> 6) + '0';
+		    if (c1 > 07)
+			*q++ = ((c >> 3) & 7) + '0';
+		    *q++ = (c & 7) + '0';
+		    break;
 		} else {
 		    *q++ = c;
 		}