Commit b4990734 authored by Daniel Stenberg

dprintf_formatf: fix (false?) Coverity warning

CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
we run over 'workend' but the condition says <= workend and for all I
can see it should be safe. Compensating for the warning by adding a byte
margin in the buffer.

Also, removed the extra brace level indentation in the code and made it
so that 'workend' is only assigned once within the function.
parent 2639c392
+58 −55
@@ -581,6 +581,11 @@ static int dprintf_formatf(

  va_stack_t *p;

  /* 'workend' points to the final buffer byte position, but with an extra
     byte as margin to avoid the (false?) warning Coverity gives us
     otherwise */
  char *workend = &work[sizeof(work) - 2];

  /* Do the actual %-code parsing */
  dprintf_Pass1(format, vto, endpos, ap_save);

@@ -610,6 +615,8 @@ static int dprintf_formatf(
    /* Used to convert negative in positive.  */
    mp_intmax_t signed_num;

    char *w;

    if(*f != '%') {
      /* This isn't a format spec, so write everything out until the next one
         OR end of string is reached.  */
@@ -730,9 +737,6 @@ static int dprintf_formatf(

      number:
      /* Number of base BASE.  */
      {
        char *workend = &work[sizeof(work) - 1];
        char *w;

      /* Supply a default precision if none was given.  */
      if(prec == -1)
@@ -795,7 +799,6 @@ static int dprintf_formatf(
      if(p->flags & FLAGS_LEFT)
        while(width-- > 0)
          OUTCHAR(' ');
      }
      break;

    case FORMAT_STRING:
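Review bot: The function-scope `workend` added in the first hunk is meant to be assigned only once, but nothing enforces that; declaring it `char * const workend = &work[sizeof(work) - 2];` would let the compiler reject any later reassignment. The comment above it says only that a Coverity warning is being worked around, not which bound the margin protects. It would help to name the accesses limited by `workend` (the commit message mentions a `<= workend` condition, which is outside the visible lines) and to note that `work[sizeof(work) - 1]` is now intentionally unused, so a later edit does not reclaim the byte. Because the margin sidesteps the finding rather than disproving it, the code that fills `work` through `w` in the `number:` path (not shown here) should be confirmed to stay within `work` at both ends. `dprintf_formatf` begins and ends outside these hunks.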