author | Jakub Jelinek <jakub@redhat.com> | 2009-04-24 08:00:37 +0000 |
---|---|---|
committer | Jakub Jelinek <jakub@redhat.com> | 2009-04-24 08:00:37 +0000 |
commit | 7dec33c08e4755e72d1280e48e61f0141dfc1da5 (patch) | |
tree | 22aa7aa8ebc1f795e180c8c0d99cdda7d2a3ffef /stdlib | |
parent | 335206256c84eaefab082284523e5b8f89fcffb2 (diff) |
Updated to fedora-glibc-20090424T0747cvs/fedora-glibc-2_9_90-20
Diffstat (limited to 'stdlib')
-rw-r--r-- | stdlib/random_r.c | 4 | ||||
-rw-r--r-- | stdlib/strfmon_l.c | 25 |
2 files changed, 18 insertions, 11 deletions
diff --git a/stdlib/random_r.c b/stdlib/random_r.c index 5e564a737d..a30055f598 100644 --- a/stdlib/random_r.c +++ b/stdlib/random_r.c @@ -1,5 +1,5 @@ /* - Copyright (C) 1995, 2005 Free Software Foundation + Copyright (C) 1995, 2005, 2009 Free Software Foundation The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -166,7 +166,7 @@ __srandom_r (seed, buf) int type; int32_t *state; long int i; - long int word; + int32_t word; int32_t *dst; int kc; diff --git a/stdlib/strfmon_l.c b/stdlib/strfmon_l.c index c9f3a47b41..8e63d459e3 100644 --- a/stdlib/strfmon_l.c +++ b/stdlib/strfmon_l.c @@ -1,5 +1,5 @@ /* Formatting a monetary value according to the given locale. - Copyright (C) 1996, 1997, 2002, 2004, 2006 Free Software Foundation, Inc. + Copyright (C) 1996,1997,2002,2004,2006,2009 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. @@ -133,7 +133,7 @@ __vstrfmon_l (char *s, size_t maxsize, __locale_t loc, const char *format, int done; const char *currency_symbol; size_t currency_symbol_len; - int width; + long int width; char *startp; const void *ptr; char space_char; @@ -221,13 +221,21 @@ __vstrfmon_l (char *s, size_t maxsize, __locale_t loc, const char *format, while (isdigit (*++fmt)) { - width *= 10; - width += to_digit (*fmt); + int val = to_digit (*fmt); + + if (width > LONG_MAX / 10 + || (width == LONG_MAX && val > LONG_MAX % 10)) + { + __set_errno (E2BIG); + return -1; + } + + width = width * 10 + val; } /* If we don't have enough room for the demanded width we can stop now and return an error. */ - if (dest + width >= s + maxsize) + if (width >= maxsize - (dest - s)) { __set_errno (E2BIG); return -1; 
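Review bot: The new `int32_t word;` declaration in `__srandom_r` has no comment explaining why the width of this temporary matters, so a later cleanup could widen it again. Presumably the intent is that seeding behaves the same whether `long int` is 32 or 64 bits; if that is confirmed, state it beside the declaration, e.g. `/* int32_t, not long int: seeding must not depend on the width of long.  */`. The arithmetic that uses `word` lies outside this hunk, so whether every intermediate result fits in 32 bits cannot be checked from here.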
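Review bot: The second clause of the new overflow guard in the width-parsing loop tests the wrong bound. `width == LONG_MAX` can never hold at that point, because `width > LONG_MAX / 10` has already taken the error return, so the clause is dead code. The case it was meant to catch, `width == LONG_MAX / 10` followed by a digit larger than `LONG_MAX % 10`, still reaches `width = width * 10 + val;` and overflows a signed `long int`, which is undefined behaviour driven purely by the digits in the format string. The clause should read `|| (width == LONG_MAX / 10 && val > LONG_MAX % 10))`. `__vstrfmon_l` starts and ends outside the hunk.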
@@ -560,7 +568,7 @@ __vstrfmon_l (char *s, size_t maxsize, __locale_t loc, const char *format, out_char (space_char); out_nstring (currency_symbol, currency_symbol_len); } - + if (sign_posn == 4) { if (sep_by_space == 2) @@ -589,9 +597,8 @@ __vstrfmon_l (char *s, size_t maxsize, __locale_t loc, const char *format, while (dest - startp < width); else { - int dist = width - (dest - startp); - char *cp; - for (cp = dest - 1; cp >= startp; --cp) + long int dist = width - (dest - startp); + for (char *cp = dest - 1; cp >= startp; --cp) cp[dist] = cp[0]; dest += dist; |
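Review bot: The right-shift loop in the last hunk stores through `cp[dist]` up to `dest - 1 + dist`, and nothing in these lines says why that address stays below `s + maxsize`. It appears to rest on the check made when the field width was parsed (`width >= maxsize - (dest - s)`), assuming `startp` holds the value `dest` had at that point; that assignment is outside the hunk, so confirm it. A comment above the loop would pin the invariant, e.g. `/* startp + width < s + maxsize was checked when the width was parsed, so cp[dist] stays in bounds.  */`. The enclosing `else` block continues past the end of the hunk.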