Fix a memory corruption bug.

With gcc, sizeof on a sized array argument to a function returns 4, not 16 as was expected in this code. This caused inet_ntoa to overwrite whatever came before the buffer in the BSS by up to 12 bytes.
author: David McCullough <davidm@snapgear.com> 2002-09-17 01:40:47 +0000
committer: David McCullough <davidm@snapgear.com> 2002-09-17 01:40:47 +0000
commit: bc31d1c7241bb037c6fa4ca0563afe22e99894c0 (patch)
tree: 9628cc4e33f49e5d003993b0abcd718deb2d72eb /libc/inet
parent: 032f59d2a95d46aa0942c4e0ee52757a5f33ed26 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/libc/inet/addr.c b/libc/inet/addr.c
index 7751b6bc2..df14fd09f 100644
--- a/libc/inet/addr.c
+++ b/libc/inet/addr.c
@@ -84,14 +84,17 @@ unsigned long inet_addr(const char *cp)
 #endif
 
 #ifdef L_inet_ntoa
-char *inet_ntoa_r(struct in_addr in, char buf[16])
+
+#define INET_NTOA_MAX_LEN	16	/* max 12 digits + 3 '.'s + 1 nul */
+
+char *inet_ntoa_r(struct in_addr in, char buf[INET_NTOA_MAX_LEN])
 {
 	unsigned long addr = ntohl(in.s_addr);
 	int i;
 	char *p, *q;
    
 	q = 0;
-	p = buf + sizeof(buf) - 1;
+	p = buf + INET_NTOA_MAX_LEN - 1; /* cannot use sizeof(buf) here */
 	for (i=0 ; i < 4 ; i++ ) {
 		p = _int10tostr(p, addr & 0xff) - 1;
 		addr >>= 8;
@@ -106,7 +109,7 @@ char *inet_ntoa_r(struct in_addr in, char buf[16])
 
 char *inet_ntoa(struct in_addr in)
 {
-	static char buf[16];		/* max 12 digits + 3 '.'s + 1 nul */
+	static char buf[INET_NTOA_MAX_LEN];
 	return(inet_ntoa_r(in, buf));
 }
 #endif
author	David McCullough <davidm@snapgear.com>	2002-09-17 01:40:47 +0000
committer	David McCullough <davidm@snapgear.com>	2002-09-17 01:40:47 +0000
commit	bc31d1c7241bb037c6fa4ca0563afe22e99894c0 (patch)
tree	9628cc4e33f49e5d003993b0abcd718deb2d72eb /libc/inet
parent	032f59d2a95d46aa0942c4e0ee52757a5f33ed26 (diff)