author | Paul Eggert <eggert@cs.ucla.edu> | 2021-09-17 12:24:31 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2021-09-17 12:25:32 -0700 |
commit | 6462fa8be51c304d9273ca6943b49f44616455a7 (patch) | |
tree | 096499f1cc53b7cd02eac9c2185e2520d0361a69 | |
parent | 2f7d215539637d8190ed57868980988086883433 (diff) | |
download | paxutils-6462fa8be51c304d9273ca6943b49f44616455a7.tar.gz |
Don’t overallocate rtapelib sprintf buffers
* lib/rtapelib.c (rmt_lseek__, rmt_ioctl__): Don’t promote
arguments of INT_STRLEN_BOUND, as that might over-allocate the
resulting buffers. This is not an efficiency problem because any
overallocations are tiny. However, it is confusing (to me, at
least) to have code that unnecessarily overallocates, as that
makes it harder to reason about integer or buffer overflow.
-rw-r--r-- | lib/rtapelib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/rtapelib.c b/lib/rtapelib.c index 1ff2eb6..d7b8b36 100644 --- a/lib/rtapelib.c +++ b/lib/rtapelib.c @@ -657,7 +657,7 @@ rmt_write__ (int handle, char *buffer, size_t length) off_t rmt_lseek__ (int handle, off_t offset, int whence) { - char command_buffer[sizeof "L\n0\n" + INT_STRLEN_BOUND (+offset)]; + char command_buffer[sizeof "L\n0\n" + INT_STRLEN_BOUND (offset)]; switch (whence) { @@ -691,8 +691,8 @@ rmt_ioctl__ (int handle, unsigned long int operation, void *argument) case MTIOCTOP: { struct mtop *mtop = argument; - enum { oplen = INT_STRLEN_BOUND (+mtop->mt_op) }; - enum { countlen = INT_STRLEN_BOUND (+mtop->mt_count) }; + enum { oplen = INT_STRLEN_BOUND (mtop->mt_op) }; + enum { countlen = INT_STRLEN_BOUND (mtop->mt_count) }; char command_buffer[sizeof "I\n\n" + oplen + countlen]; /* MTIOCTOP is the easy one. Nothing is transferred in binary. */ |
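Review bot: In the rmt_lseek__ hunk, the declaration of command_buffer is now an exact bound, but nothing beside it says what each term of the size covers. The sizeof "L\n0\n" term supplies the command letter, two newlines, one character for whence and the terminating NUL, and INT_STRLEN_BOUND (offset) supplies the digits and sign of an off_t. The sprintf that fills the buffer is outside the visible context, so please confirm that it prints whence as a single digit and prints offset without a conversion that changes its value (a cast to a wider signed type is fine; a cast to an unsigned type would make a negative offset print longer than the bound). A one-line comment on the declaration stating these assumptions would serve the commit message's goal of making the overflow reasoning easy to follow.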
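Review bot: In the rmt_ioctl__ hunk (case MTIOCTOP), oplen and countlen are now bounds on the declared types of mtop->mt_op and mtop->mt_count rather than on their promoted types, so command_buffer has no slack left if the formatting call prints either field through a value-changing conversion. That call is not in the visible context; please check that any cast applied there preserves the value, since a negative mt_op or mt_count converted to a wider unsigned type would print more characters than oplen or countlen allows. It would also help to extend the existing comment to say that sizeof "I\n\n" accounts for the command letter, both newlines and the NUL, so the buffer size can be checked against the format string at a glance.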