diff options
author | David McCullough <davidm@snapgear.com> | 2002-09-17 01:40:47 +0000 |
---|---|---|
committer | David McCullough <davidm@snapgear.com> | 2002-09-17 01:40:47 +0000 |
commit | bc31d1c7241bb037c6fa4ca0563afe22e99894c0 (patch) | |
tree | 9628cc4e33f49e5d003993b0abcd718deb2d72eb /libc | |
parent | 032f59d2a95d46aa0942c4e0ee52757a5f33ed26 (diff) |
Fix a memory corruption bug.
With gcc, sizeof on a sized array argument to a function returns 4, not
16 as was expected in this code. This caused inet_ntoa to overwrite
whatever came before the buffer in the BSS by up to 12 bytes.
Diffstat (limited to 'libc')
-rw-r--r-- | libc/inet/addr.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libc/inet/addr.c b/libc/inet/addr.c index 7751b6bc2..df14fd09f 100644 --- a/libc/inet/addr.c +++ b/libc/inet/addr.c @@ -84,14 +84,17 @@ unsigned long inet_addr(const char *cp) #endif #ifdef L_inet_ntoa -char *inet_ntoa_r(struct in_addr in, char buf[16]) + +#define INET_NTOA_MAX_LEN 16 /* max 12 digits + 3 '.'s + 1 nul */ + +char *inet_ntoa_r(struct in_addr in, char buf[INET_NTOA_MAX_LEN]) { unsigned long addr = ntohl(in.s_addr); int i; char *p, *q; q = 0; - p = buf + sizeof(buf) - 1; + p = buf + INET_NTOA_MAX_LEN - 1; /* cannot use sizeof(buf) here */ for (i=0 ; i < 4 ; i++ ) { p = _int10tostr(p, addr & 0xff) - 1; addr >>= 8; @@ -106,7 +109,7 @@ char *inet_ntoa_r(struct in_addr in, char buf[16]) char *inet_ntoa(struct in_addr in) { - static char buf[16]; /* max 12 digits + 3 '.'s + 1 nul */ + static char buf[INET_NTOA_MAX_LEN]; return(inet_ntoa_r(in, buf)); } #endif |