MCPcopy Index your code
hub / github.com/MapServer/MapServer / makeFmtSafe

Function makeFmtSafe

mapimagemap.c:124–152  ·  view source on GitHub ↗

Prevent buffer-overrun and format-string attacks by "sanitizing" any * provided format string to fit the number of expected string arguments * (MAX) exactly. */

Source from the content-addressed store, hash-verified

122 * provided format string to fit the number of expected string arguments
123 * (MAX) exactly. */
124static const char *makeFmtSafe(const char *fmt, int MAX) {
125 /* format string should have exactly 'MAX' %s */
126
127 char *result = msSmallMalloc(strlen(fmt)+1+3*MAX), *cp;
128 int numstr=0, saw_percent=0;
129
130 strcpy(result, fmt);
131 for (cp=result; *cp; cp++) {
132 if (saw_percent) {
133 if (*cp=='%') {
134 /* safe */
135 } else if (*cp=='s' && numstr<MAX) {
136 numstr++; /* still safe */
137 } else {
138 /* disable this unsafe format string! */
139 *(cp-1)=' ';
140 }
141 saw_percent=0;
142 } else if (*cp=='%')
143 saw_percent=1;
144 }
145 /* fixup format strings without enough %s in them */
146 while (numstr<MAX) {
147 strcpy(cp, "%.s"); /* print using zero-length precision */
148 cp+=3;
149 numstr++;
150 }
151 return result;
152}
153
154/* Append the given printf-style formatted string to the pString 'ps'.
155 * This is much cleaner (and faster) than the technique this file

Callers 1

msImageCreateIMFunction · 0.85

Calls 1

msSmallMallocFunction · 0.85

Tested by

no test coverage detected