use proper secure idiom for snprintf - granular - granular dynamics simulation
---
(DIR) commit 40ba3713f2f936b47272087219ed0043b7baa995
(DIR) parent 0fe34fa5175dd35819839ff25ac866300fa82713
(HTM) Author: Anders Damsgaard <anders@adamsgaard.dk>
Date: Thu, 22 Apr 2021 11:57:40 +0200
use proper secure idiom for snprintf
Diffstat:
M arrays.c | 6 ++----
M util.c | 25 ++++++++++++++++++++-----
2 files changed, 22 insertions(+), 9 deletions(-)
---
(DIR) diff --git a/arrays.c b/arrays.c
t@@ -8,11 +8,9 @@
void
check_magnitude(const char *func_name, int limit, int value)
{
- if (value < limit) {
- fprintf(stderr, "error: %s: input size %d is less than %d\n",
+ if (value < limit)
+ errx("%s: input size %d is less than %d\n",
func_name, value, limit);
- exit(1);
- }
}
/* Translate a i,j,k index in grid with dimensions nx, ny, nz into a
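Review bot: The new `errx` call on the `+ errx(...)` line passes the format string as its first argument and keeps the trailing `\n`; if `errx` here is the BSD `<err.h>` function, its first parameter is the exit-status `int` and it appends its own newline, so the call would have to read `errx(1, "%s: input size %d is less than %d", func_name, value, limit);`. If the project instead provides its own `errx(const char *fmt, ...)` that exits by itself (the util.c hunks call `err` the same way, which suggests so), only the redundant `\n` is worth dropping when that wrapper also appends one. Since the removed `exit(1)` is now hidden inside `errx`, a short comment above check_magnitude such as `/* does not return when value < limit: reports the error and exits */` would make the non-returning path visible to callers.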
(DIR) diff --git a/util.c b/util.c
t@@ -18,10 +18,13 @@ warn_parameter_value(const char message[],
void
check_float(const char name[], const double value, int *status)
{
+ int ret;
char message[100];
if (isnan(value)) {
- snprintf(message, sizeof(message), "%s is NaN", name);
+ ret = snprintf(message, sizeof(message), "%s is NaN", name);
+ if (ret < 0 || ret >= sizeof(buffer))
+ err("%s: message parsing", __func__);
warn_parameter_value(message, value, status);
*status = 1;
} else if (isinf(value)) {
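Review bot: The added length check on the `+ if (ret < 0 || ret >= sizeof(buffer))` line measures `buffer`, but the destination handed to snprintf is `message`; unless util.c declares a `buffer` elsewhere this does not compile, and if it does, the comparison is against the wrong object's size. It should read `if (ret < 0 || (size_t)ret >= sizeof(message))`, where the cast also silences the signed/unsigned comparison warning (harmless here only because `ret < 0` is tested first). The identical line appears in the check_float_non_negative, check_float_positive, check_int_bool and check_int_non_negative hunks below. The text `"%s: message parsing"` misdescribes the failure, `"%s: message truncated"` says what happened, and if `err` is the `<err.h>` variant it additionally appends strerror(errno), which truncation never sets, so `errx` would be the better fit there. check_float's body continues past the end of this hunk.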
t@@ -34,11 +37,14 @@ check_float(const char name[], const double value, int *status)
void
check_float_non_negative(const char name[], const double value, int *status)
{
+ int ret;
char message[100];
check_float(name, value, status);
if (value < 0.0) {
- snprintf(message, sizeof(message), "%s is negative", name);
+ ret = snprintf(message, sizeof(message), "%s is negative", name);
+ if (ret < 0 || ret >= sizeof(buffer))
+ err("%s: message parsing", __func__);
warn_parameter_value(message, value, status);
*status = 1;
}
t@@ -47,11 +53,14 @@ check_float_non_negative(const char name[], const double value, int *status)
void
check_float_positive(const char name[], const double value, int *status)
{
+ int ret;
char message[100];
check_float(name, value, status);
if (value <= 0.0) {
- snprintf(message, sizeof(message), "%s is not positive", name);
+ ret = snprintf(message, sizeof(message), "%s is not positive", name);
+ if (ret < 0 || ret >= sizeof(buffer))
+ err("%s: message parsing", __func__);
warn_parameter_value(message, value, status);
*status = 1;
}
t@@ -60,10 +69,13 @@ check_float_positive(const char name[], const double value, int *status)
void
check_int_bool(const char name[], const int value, int *status)
{
+ int ret;
char message[100];
if (value < 0 || value > 1) {
- snprintf(message, sizeof(message), "%s is not 0 or 1", name);
+ ret = snprintf(message, sizeof(message), "%s is not 0 or 1", name);
+ if (ret < 0 || ret >= sizeof(buffer))
+ err("%s: message parsing", __func__);
warn_parameter_value(message, (double)value, status);
*status = 1;
}
t@@ -72,10 +84,13 @@ check_int_bool(const char name[], const int value, int *status)
void
check_int_non_negative(const char name[], const int value, int *status)
{
+ int ret;
char message[100];
if (value < 0) {
- snprintf(message, sizeof(message), "%s is negative", name);
+ ret = snprintf(message, sizeof(message), "%s is negative", name);
+ if (ret < 0 || ret >= sizeof(buffer))
+ err("%s: message parsing", __func__);
warn_parameter_value(message, (double)value, status);
*status = 1;
}