Bug 377451. Fix crash in cvt_s when string is longer than precision. NSPRPUB_PRE_4_2_CLIENT_BRANCH
authorwtc%google.com
Mon, 14 May 2007 20:16:25 +0000
branchNSPRPUB_PRE_4_2_CLIENT_BRANCH
changeset 3838 fdd106c0e79c7f9ea014486c735830b92cf435d7
parent 3837 bd225879f8f45e71d4f2b7f9de3ef5697bc95089
child 3839 b0a6e6a0150a4e57130ecd7261cf6225dfe52a38
push idunknown
push userunknown
push dateunknown
bugs377451
Bug 377451. Fix crash in cvt_s when string is longer than precision. r=wtc,julien.pierre Tag: NSPRPUB_PRE_4_2_CLIENT_BRANCH
pr/src/io/prprf.c
--- a/pr/src/io/prprf.c
+++ b/pr/src/io/prprf.c
@@ -368,34 +368,41 @@ static int cvt_f(SprintfState *ss, doubl
     return (*ss->stuff)(ss, fout, strlen(fout));
 }
 
 /*
 ** Convert a string into its printable form.  "width" is the output
 ** width. "prec" is the maximum number of characters of "s" to output,
 ** where -1 means until NUL.
 */
-static int cvt_s(SprintfState *ss, const char *s, int width, int prec,
+static int cvt_s(SprintfState *ss, const char *str, int width, int prec,
 		 int flags)
 {
     int slen;
 
     if (prec == 0)
 	return 0;
 
     /* Limit string length by precision value */
-    slen = s ? strlen(s) : 6;
+    if (!str) {
+    	str = "(null)";
+    } 
     if (prec > 0) {
-	if (prec < slen) {
-	    slen = prec;
-	}
+	/* this is:  slen = strnlen(str, prec); */
+	register const char *s;
+
+	for(s = str; prec && *s; s++, prec-- )
+	    ;
+	slen = s - str;
+    } else {
+	slen = strlen(str);
     }
 
     /* and away we go */
-    return fill2(ss, s ? s : "(null)", slen, width, flags);
+    return fill2(ss, str, slen, width, flags);
 }
 
 /*
 ** BuildArgArray stands for Numbered Argument list Sprintf
 ** for example,  
 **	fmp = "%4$i, %2$d, %3s, %1d";
 ** the number must start from 1, and no gap among them
 */