authorDavid McCullough <davidm@snapgear.com>2002-09-17 01:40:47 +0000
committerDavid McCullough <davidm@snapgear.com>2002-09-17 01:40:47 +0000
commitbc31d1c7241bb037c6fa4ca0563afe22e99894c0 (patch)
tree9628cc4e33f49e5d003993b0abcd718deb2d72eb /libc
parent032f59d2a95d46aa0942c4e0ee52757a5f33ed26 (diff)
Fix a memory corruption bug.
With gcc, sizeof on a sized array argument to a function returns 4, not 16 as was expected in this code. This caused inet_ntoa to overwrite whatever came before the buffer in the BSS by up to 12 bytes.
Diffstat (limited to 'libc')
-rw-r--r--libc/inet/addr.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/libc/inet/addr.c b/libc/inet/addr.c
index 7751b6bc2..df14fd09f 100644
--- a/libc/inet/addr.c
+++ b/libc/inet/addr.c
@@ -84,14 +84,17 @@ unsigned long inet_addr(const char *cp)
#endif
#ifdef L_inet_ntoa
-char *inet_ntoa_r(struct in_addr in, char buf[16])
+
+#define INET_NTOA_MAX_LEN 16 /* max 12 digits + 3 '.'s + 1 nul */
+
+char *inet_ntoa_r(struct in_addr in, char buf[INET_NTOA_MAX_LEN])
{
unsigned long addr = ntohl(in.s_addr);
int i;
char *p, *q;
q = 0;
- p = buf + sizeof(buf) - 1;
+ p = buf + INET_NTOA_MAX_LEN - 1; /* cannot use sizeof(buf) here */
for (i=0 ; i < 4 ; i++ ) {
p = _int10tostr(p, addr & 0xff) - 1;
addr >>= 8;
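Review bot: The `char buf[INET_NTOA_MAX_LEN]` parameter of inet_ntoa_r is still just a `char *` to the compiler, so nothing checks that a caller's buffer really holds 16 bytes, while the function now starts at `buf + INET_NTOA_MAX_LEN - 1` and writes backwards from there. A caller that passes a shorter buffer would get an out-of-bounds write past the end of its buffer, so the contract belongs in a comment above the function, for example `/* buf must point to at least INET_NTOA_MAX_LEN bytes; the string is built backwards from the end of buf */`. The inline comment would also help more if it gave the reason, e.g. `/* buf is a pointer here, so sizeof(buf) is the pointer size, not 16 */`. INET_NTOA_MAX_LEN is defined in this .c file inside the L_inet_ntoa section, so unless a header exports the same value (not visible here), outside callers of inet_ntoa_r have no name for the required size. The body of inet_ntoa_r continues outside the hunk.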
@@ -106,7 +109,7 @@ char *inet_ntoa_r(struct in_addr in, char buf[16])
char *inet_ntoa(struct in_addr in)
{
- static char buf[16]; /* max 12 digits + 3 '.'s + 1 nul */
+ static char buf[INET_NTOA_MAX_LEN];
return(inet_ntoa_r(in, buf));
}
#endif