diff options
author | Rob Richards <rrichards@php.net> | 2005-10-05 22:35:11 +0000 |
---|---|---|
committer | Rob Richards <rrichards@php.net> | 2005-10-05 22:35:11 +0000 |
commit | 67be9508832409edf18a95f3bccdfaaf9e1bc6ef (patch) | |
tree | ce71d206292dcd19f080606f0ab1a4a2aa9b126d /ext/wddx | |
parent | 8b14aded85f4b640ee96574c26deae74da46911e (diff) | |
download | php-git-67be9508832409edf18a95f3bccdfaaf9e1bc6ef.tar.gz |
fix buffer lengths passed to snprintf
Diffstat (limited to 'ext/wddx')
-rw-r--r-- | ext/wddx/php_wddx_api.h | 3 | ||||
-rw-r--r-- | ext/wddx/wddx.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/ext/wddx/php_wddx_api.h b/ext/wddx/php_wddx_api.h index 1c34f173c5..d49c559ec4 100644 --- a/ext/wddx/php_wddx_api.h +++ b/ext/wddx/php_wddx_api.h @@ -47,6 +47,9 @@ #define WDDX_VAR_S "<var name='%s'>" #define WDDX_VAR_E "</var>" +#define WDDX_NUMBER_LEN 17 +#define WDDX_VAR_S_LEN 13 + #define php_wddx_add_chunk(packet, str) smart_str_appends(packet, str) #define php_wddx_add_chunk_ex(packet, str, len) smart_str_appendl(packet, str, len) #define php_wddx_add_chunk_static(packet, str) smart_str_appendl(packet, str, sizeof(str)-1) diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c index 2d1fa64509..a6dc0280a7 100644 --- a/ext/wddx/wddx.c +++ b/ext/wddx/wddx.c @@ -423,7 +423,7 @@ static void php_wddx_serialize_number(wddx_packet *packet, zval *var) tmp = *var; zval_copy_ctor(&tmp); convert_to_string(&tmp); - snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp)); + snprintf(tmp_buf, Z_STRLEN(tmp) + WDDX_NUMBER_LEN + 1, WDDX_NUMBER, Z_STRVAL(tmp)); zval_dtor(&tmp); php_wddx_add_chunk(packet, tmp_buf); @@ -625,8 +625,8 @@ void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name if (name) { name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC); - tmp_buf = emalloc(name_esc_len + 1); - snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc); + tmp_buf = emalloc(name_esc_len + WDDX_VAR_S_LEN + 1); + snprintf(tmp_buf, name_esc_len + WDDX_VAR_S_LEN + 1, WDDX_VAR_S, name_esc); php_wddx_add_chunk(packet, tmp_buf); efree(tmp_buf); efree(name_esc); |