Fixing potential buffer overflow in simple_sprintf

Change-Id: I67d92073d05049740b4a1bf9783fe8dede7c3c0a
Chodor, Jaroslaw
2018-04-19 13:52:45 +02:00
committed by sys_ocldev
parent 83160213f0
commit 9b0820d6de
2 changed files with 15 additions and 4 deletions


@@ -53,6 +53,10 @@ size_t simple_sprintf(char *output, size_t outputSize, const char *format, T val
_set_output_format(_TWO_DIGIT_EXPONENT);
#endif
size_t len = strlen(format);
if (len == 0) {
output[0] = '\0';
return 0;
}
if (len > 3 && *(format + len - 2) == 'h' && *(format + len - 3) == 'h') {
if (*(format + len - 1) == 'i' || *(format + len - 1) == 'd') {
@@ -63,11 +67,10 @@ size_t simple_sprintf(char *output, size_t outputSize, const char *format, T val
return sprintf_s(output, outputSize, format, fixedValue);
}
} else if (format[len - 1] == 'F') {
char formatCopy[1024];
strcpy_s(formatCopy, 1024, format);
formatCopy[len - 1] = 'f';
std::string formatCopy = format;
*formatCopy.rbegin() = 'f';
size_t returnValue = sprintf_s(output, outputSize, formatCopy, value);
size_t returnValue = sprintf_s(output, outputSize, formatCopy.c_str(), value);
for (size_t i = 0; i < returnValue; i++)
output[i] = std::toupper(output[i]);
return returnValue;
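Review bot: The new empty-format early return in the first hunk writes `output[0] = '\0'` without consulting `outputSize`, so a caller that passes a zero-sized buffer gets a one-byte out-of-bounds write on the very path added to harden the function; guard it as `if (outputSize > 0) output[0] = '\0';`. In the `'F'` branch of the second hunk, the unchanged upper-casing loop treats `returnValue` as the number of bytes actually written to `output`. If this platform's `sprintf_s` can return an error value or a length larger than `outputSize` (its definition is not visible here), the loop would run past the buffer, so bounding the loop by `outputSize` as well is worth considering. The body of simple_sprintf begins before and continues after both hunks.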