quote: don't use sprintf()

There is no point in using sprintf(), and it adds the possibility of
either bugs due to the output not matching what the byte count loop is
expecting, or just cause people to freak out due to the notion that
"sprinf is unsafe".

Reported-by: Ed Beroset <beroset@mindspring.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
This commit is contained in:
H. Peter Anvin 2009-07-14 14:48:26 -04:00
parent bf0247af7a
commit 466ba97d68

22
quote.c
View File

@ -85,11 +85,14 @@ char *nasm_quote(char *str, size_t len)
break; break;
default: default:
c1 = (p+1 < ep) ? p[1] : 0; c1 = (p+1 < ep) ? p[1] : 0;
if (c > 077 || (c1 >= '0' && c1 <= '7')) if (c1 >= '0' && c1 <= '7')
qlen += 4; /* Must use the full form */ c1 = 0377; /* Must use the full form */
else if (c > 07)
qlen += 3;
else else
c1 = c;
if (c1 > 077)
qlen++;
if (c1 > 07)
qlen++;
qlen += 2; qlen += 2;
break; break;
} }
@ -155,9 +158,16 @@ char *nasm_quote(char *str, size_t len)
if (c < ' ' || c > '~') { if (c < ' ' || c > '~') {
c1 = (p+1 < ep) ? p[1] : 0; c1 = (p+1 < ep) ? p[1] : 0;
if (c1 >= '0' && c1 <= '7') if (c1 >= '0' && c1 <= '7')
q += sprintf(q, "\\%03o", (unsigned char)c); c1 = 0377; /* Must use the full form */
else else
q += sprintf(q, "\\%o", (unsigned char)c); c1 = c;
*q++ = '\\';
if (c1 > 077)
*q++ = (c >> 6) + '0';
if (c1 > 07)
*q++ = ((c >> 3) & 7) + '0';
*q++ = (c & 7) + '0';
break;
} else { } else {
*q++ = c; *q++ = c;
} }