From 466ba97d68bf289aef6c62ba449957def1291e0f Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin"
Date: Tue, 14 Jul 2009 14:48:26 -0400
Subject: [PATCH] quote: don't use sprintf()

There is no point in using sprintf(), and it adds the possibility of either bugs due to the output not matching what the byte count loop is expecting, or just cause people to freak out due to the notion that "sprinf is unsafe".

Reported-by: Ed Beroset
Signed-off-by: H. Peter Anvin
---
 quote.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/quote.c b/quote.c
index 3aca4403..5381d043 100644
--- a/quote.c
+++ b/quote.c
@@ -85,12 +85,15 @@ char *nasm_quote(char *str, size_t len)
 break;
 default:
 c1 = (p+1 < ep) ? p[1] : 0;
- if (c > 077 || (c1 >= '0' && c1 <= '7'))
- qlen += 4; /* Must use the full form */
- else if (c > 07)
- qlen += 3;
+ if (c1 >= '0' && c1 <= '7')
+ c1 = 0377; /* Must use the full form */
 else
- qlen += 2;
+ c1 = c;
+ if (c1 > 077)
+ qlen++;
+ if (c1 > 07)
+ qlen++;
+ qlen += 2;
 break;
 }
 } else {
@@ -155,9 +158,16 @@ char *nasm_quote(char *str, size_t len)
 if (c < ' ' || c > '~') {
 c1 = (p+1 < ep) ? p[1] : 0;
 if (c1 >= '0' && c1 <= '7')
- q += sprintf(q, "\\%03o", (unsigned char)c);
+ c1 = 0377; /* Must use the full form */
 else
- q += sprintf(q, "\\%o", (unsigned char)c);
+ c1 = c;
+ *q++ = '\\';
+ if (c1 > 077)
+ *q++ = (c >> 6) + '0';
+ if (c1 > 07)
+ *q++ = ((c >> 3) & 7) + '0';
+ *q++ = (c & 7) + '0';
+ break;
 } else {
 *q++ = c;
 }
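Review bot: The sentinel `c1 = 0377` and the tests `c1 > 077` / `c1 > 07` only behave as intended if `c1` is unsigned, and the removed `(unsigned char)c` casts in the second hunk suggest `c` and `c1` are plain `char` (their declarations are outside this hunk). Where `char` is signed, 0377 typically becomes -1 and bytes from 0x80 up are negative, so both cases are counted here as a one-digit escape, and the emit loop at -155/+158 repeats the same tests and also shifts `c` without a cast. The two loops stay in step, so the computed length still matches what is written, but the quoted text would no longer round-trip. Consider an `unsigned char` local for the decision, e.g. `uc = (c1 >= '0' && c1 <= '7') ? 0377 : (unsigned char)c;`, testing `uc > 077` and `uc > 07` and deriving the digits from `uc` in the second hunk.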
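Review bot: The hand-written digit stores after `*q++ = '\\';` must produce exactly as many bytes as the `qlen` arithmetic in the first hunk counted (presumably the size of the buffer `q` writes into), and nothing at this site says so; the commit message itself names that mismatch as the risk. A comment above `*q++ = '\\';` such as `/* Must emit exactly the bytes counted for this case in the sizing loop */` would record the pairing, or both loops could call one small static helper that returns the digit count. The added `break;` also deserves a check: the construct it leaves starts outside the hunk, and if that is the copy loop rather than a `switch` case, quoting would stop at the first escaped byte.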