[asterisk-commits] tilghman: branch 1.6.1 r138026 - in /branches/1.6.1: ./ funcs/func_strings.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Aug 15 10:04:53 CDT 2008 

Author: tilghman
Date: Fri Aug 15 10:04:53 2008
New Revision: 138026

URL: http://svn.digium.com/view/asterisk?view=rev&rev=138026
Log:
Merged revisions 138024 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
r138024 | tilghman | 2008-08-15 10:03:32 -0500 (Fri, 15 Aug 2008) | 16 lines

Merged revisions 138023 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r138023 | tilghman | 2008-08-15 09:51:12 -0500 (Fri, 15 Aug 2008) | 8 lines

Additional check for more string specifiers than arguments.
(closes issue #13299)
 Reported by: adomjan
 Patches: 
       20080813__bug13299.diff.txt uploaded by Corydon76 (license 14)
       func_strings.c-sprintf.patch uploaded by adomjan (license 487)
 Tested by: adomjan

........

................

Modified:
    branches/1.6.1/   (props changed)
    branches/1.6.1/funcs/func_strings.c

Propchange: branches/1.6.1/
------------------------------------------------------------------------------
--- trunk-merged (original)
+++ trunk-merged Fri Aug 15 10:04:53 2008
@@ -1,1 +1,1 @@
-/trunk:1-137647,137680,137732,137780,137812,137848,137933,137987
+/trunk:1-137647,137680,137732,137780,137812,137848,137933,137987,138024

Modified: branches/1.6.1/funcs/func_strings.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.1/funcs/func_strings.c?view=diff&rev=138026&r1=138025&r2=138026
==============================================================================
--- branches/1.6.1/funcs/func_strings.c (original)
+++ branches/1.6.1/funcs/func_strings.c Fri Aug 15 10:04:53 2008
@@ -496,8 +496,13 @@
 				formatbuf[&arg.format[i] - formatstart + 1] = '\0';
 
 				/* Convert the argument into the required type */
-				if (sscanf(arg.var[argcount++], "%d", &tmpi) != 1) {
-					ast_log(LOG_ERROR, "Argument '%s' is not an integer number for format '%s'\n", arg.var[argcount - 1], formatbuf);
+				if (arg.var[argcount]) {
+					if (sscanf(arg.var[argcount++], "%d", &tmpi) != 1) {
+						ast_log(LOG_ERROR, "Argument '%s' is not an integer number for format '%s'\n", arg.var[argcount - 1], formatbuf);
+						goto sprintf_fail;
+					}
+				} else {
+					ast_log(LOG_ERROR, "SPRINTF() has more format specifiers than arguments!\n");
 					goto sprintf_fail;
 				}
 
@@ -514,8 +519,13 @@
 				formatbuf[&arg.format[i] - formatstart + 1] = '\0';
 
 				/* Convert the argument into the required type */
-				if (sscanf(arg.var[argcount++], "%lf", &tmpd) != 1) {
-					ast_log(LOG_ERROR, "Argument '%s' is not a floating point number for format '%s'\n", arg.var[argcount - 1], formatbuf);
+				if (arg.var[argcount]) {
+					if (sscanf(arg.var[argcount++], "%lf", &tmpd) != 1) {
+						ast_log(LOG_ERROR, "Argument '%s' is not a floating point number for format '%s'\n", arg.var[argcount - 1], formatbuf);
+						goto sprintf_fail;
+					}
+				} else {
+					ast_log(LOG_ERROR, "SPRINTF() has more format specifiers than arguments!\n");
 					goto sprintf_fail;
 				}
 
@@ -562,6 +572,7 @@
 			}
 		}
 	}
+	*bufptr = '\0';
 	return 0;
 sprintf_fail:
 	return -1;

More information about the asterisk-commits mailing list