]>
Commit | Line | Data |
---|---|---|
1ac47269 AM |
1 | diff -urN cvs-nserver-1.11.1.52.org/acinclude.m4 cvs-nserver-1.11.1.52/acinclude.m4 |
2 | --- cvs-nserver-1.11.1.52.org/acinclude.m4 2004-06-11 15:13:22.806441712 +0200 | |
3 | +++ cvs-nserver-1.11.1.52/acinclude.m4 2004-06-11 15:14:12.949818760 +0200 | |
4 | @@ -229,3 +229,85 @@ | |
5 | AC_SEARCH_LIBS([gss_import_name], [gssapi_krb5 gssapi]) | |
6 | fi | |
7 | ])dnl | |
8 | + | |
9 | + | |
10 | + | |
11 | +# size_max.m4 serial 2 | |
12 | +dnl Copyright (C) 2003 Free Software Foundation, Inc. | |
13 | +dnl This file is free software, distributed under the terms of the GNU | |
14 | +dnl General Public License. As a special exception to the GNU General | |
15 | +dnl Public License, this file may be distributed as part of a program | |
16 | +dnl that contains a configuration script generated by Autoconf, under | |
17 | +dnl the same distribution terms as the rest of that program. | |
18 | + | |
19 | +dnl From Bruno Haible. | |
20 | + | |
21 | +AC_DEFUN([gl_SIZE_MAX], | |
22 | +[ | |
23 | + AC_CHECK_HEADERS(stdint.h) | |
24 | + dnl First test whether the system already has SIZE_MAX. | |
25 | + AC_MSG_CHECKING([for SIZE_MAX]) | |
26 | + result= | |
27 | + AC_EGREP_CPP([Found it], [ | |
28 | +#include <limits.h> | |
29 | +#if HAVE_STDINT_H | |
30 | +#include <stdint.h> | |
31 | +#endif | |
32 | +#ifdef SIZE_MAX | |
33 | +Found it | |
34 | +#endif | |
35 | +], result=yes) | |
36 | + if test -z "$result"; then | |
37 | + dnl Define it ourselves. Here we assume that the type 'size_t' is not wider | |
38 | + dnl than the type 'unsigned long'. | |
39 | + dnl The _AC_COMPUTE_INT macro works up to LONG_MAX, since it uses 'expr', | |
40 | + dnl which is guaranteed to work from LONG_MIN to LONG_MAX. | |
41 | + _AC_COMPUTE_INT([~(size_t)0 / 10], res_hi, | |
42 | + [#include <stddef.h>], result=?) | |
43 | + _AC_COMPUTE_INT([~(size_t)0 % 10], res_lo, | |
44 | + [#include <stddef.h>], result=?) | |
45 | + _AC_COMPUTE_INT([sizeof (size_t) <= sizeof (unsigned int)], fits_in_uint, | |
46 | + [#include <stddef.h>], result=?) | |
47 | + if test "$fits_in_uint" = 1; then | |
48 | + dnl Even though SIZE_MAX fits in an unsigned int, it must be of type | |
49 | + dnl 'unsigned long' if the type 'size_t' is the same as 'unsigned long'. | |
50 | + AC_TRY_COMPILE([#include <stddef.h> | |
51 | + extern size_t foo; | |
52 | + extern unsigned long foo; | |
53 | + ], [], fits_in_uint=0) | |
54 | + fi | |
55 | + if test -z "$result"; then | |
56 | + if test "$fits_in_uint" = 1; then | |
57 | + result="$res_hi$res_lo"U | |
58 | + else | |
59 | + result="$res_hi$res_lo"UL | |
60 | + fi | |
61 | + else | |
62 | + dnl Shouldn't happen, but who knows... | |
63 | + result='~(size_t)0' | |
64 | + fi | |
65 | + fi | |
66 | + AC_MSG_RESULT([$result]) | |
67 | + if test "$result" != yes; then | |
68 | + AC_DEFINE_UNQUOTED([SIZE_MAX], [$result], | |
69 | + [Define as the maximum value of type 'size_t', if the system doesn't define it.]) | |
70 | + fi | |
71 | +]) | |
72 | + | |
73 | + | |
74 | + | |
75 | +# xsize.m4 serial 3 | |
76 | +dnl Copyright (C) 2003-2004 Free Software Foundation, Inc. | |
77 | +dnl This file is free software, distributed under the terms of the GNU | |
78 | +dnl General Public License. As a special exception to the GNU General | |
79 | +dnl Public License, this file may be distributed as part of a program | |
80 | +dnl that contains a configuration script generated by Autoconf, under | |
81 | +dnl the same distribution terms as the rest of that program. | |
82 | + | |
83 | +AC_DEFUN([gl_XSIZE], | |
84 | +[ | |
85 | + dnl Prerequisites of lib/xsize.h. | |
86 | + AC_REQUIRE([gl_SIZE_MAX]) | |
87 | + AC_REQUIRE([AC_C_INLINE]) | |
88 | + AC_CHECK_HEADERS(stdint.h) | |
89 | +]) | |
90 | diff -urN cvs-nserver-1.11.1.52.org/config.h.in cvs-nserver-1.11.1.52/config.h.in | |
91 | --- cvs-nserver-1.11.1.52.org/config.h.in 2004-06-11 15:13:22.807441560 +0200 | |
92 | +++ cvs-nserver-1.11.1.52/config.h.in 2004-06-11 15:15:19.522698144 +0200 | |
93 | @@ -9,6 +9,10 @@ | |
94 | clients. */ | |
95 | #undef SERVER_SUPPORT | |
96 | ||
97 | +/* Define as the maximum value of type 'size_t', if the system doesn't define | |
98 | ++ it. */ | |
99 | +#undef SIZE_MAX | |
100 | + | |
101 | /* Define if you want to use the password authenticated server. */ | |
102 | #undef AUTH_SERVER_SUPPORT | |
103 | ||
104 | @@ -377,6 +381,12 @@ | |
105 | /* Define to `int' if <sys/types.h> doesn't define. */ | |
106 | #undef gid_t | |
107 | ||
108 | +/* Define to `__inline__' or `__inline' if that's what the C compiler | |
109 | + calls it, or to nothing if 'inline' is not supported under any name. */ | |
110 | +#ifndef __cplusplus | |
111 | +#undef inline | |
112 | +#endif | |
113 | + | |
114 | /* Define to `int' if <sys/types.h> does not define. */ | |
115 | #undef mode_t | |
116 | ||
117 | diff -urN cvs-nserver-1.11.1.52.org/configure.in cvs-nserver-1.11.1.52/configure.in | |
118 | --- cvs-nserver-1.11.1.52.org/configure.in 2004-06-11 15:13:22.811440952 +0200 | |
119 | +++ cvs-nserver-1.11.1.52/configure.in 2004-06-11 15:16:03.298043280 +0200 | |
120 | @@ -121,6 +121,8 @@ | |
121 | AC_TYPE_SIZE_T | |
122 | AC_TYPE_SIGNAL | |
123 | ||
124 | +gl_XSIZE | |
125 | + | |
126 | AC_STRUCT_ST_BLKSIZE | |
127 | AC_STRUCT_ST_RDEV | |
128 | AC_REPLACE_FUNCS(mkdir rename strstr dup2 strerror valloc waitpid memmove strtoul) | |
129 | diff -urN cvs-nserver-1.11.1.52.org/lib/Makefile.am cvs-nserver-1.11.1.52/lib/Makefile.am | |
130 | --- cvs-nserver-1.11.1.52.org/lib/Makefile.am 2004-06-11 15:13:22.873431528 +0200 | |
131 | +++ cvs-nserver-1.11.1.52/lib/Makefile.am 2004-06-11 15:16:50.173917064 +0200 | |
132 | @@ -83,6 +83,9 @@ | |
133 | build_lib.com \ | |
134 | xgssapi.h | |
135 | ||
136 | +# For the xsize module from GNULIB. | |
137 | +libcvs_a_SOURCES += xsize.h | |
138 | + | |
139 | # for backwards compatibility with the old makefiles | |
140 | realclean: maintainer-clean | |
141 | .PHONY: realclean | |
142 | diff -urN cvs-nserver-1.11.1.52.org/lib/Makefile.in cvs-nserver-1.11.1.52/lib/Makefile.in | |
143 | --- cvs-nserver-1.11.1.52.org/lib/Makefile.in 2004-06-11 15:13:22.874431376 +0200 | |
144 | +++ cvs-nserver-1.11.1.52/lib/Makefile.in 2004-06-11 15:14:13.013809032 +0200 | |
145 | @@ -128,6 +128,8 @@ | |
146 | # Also should look into unifying regular expression matching in CVS | |
147 | # with the diff library (perhaps to have the caller, CVS, do the | |
148 | # matching?) | |
149 | + | |
150 | +# For the xsize module from GNULIB. | |
151 | libcvs_a_SOURCES = \ | |
152 | argmatch.c \ | |
153 | ftruncate.c \ | |
154 | @@ -151,8 +153,8 @@ | |
155 | system.h \ | |
156 | wait.h \ | |
157 | xselect.h \ | |
158 | - xtime.h | |
159 | - | |
160 | + xtime.h\ | |
161 | +xsize.h | |
162 | libcvs_a_LIBADD = @LIBOBJS@ | |
163 | ||
164 | EXTRA_DIST = \ | |
165 | diff -urN cvs-nserver-1.11.1.52.org/lib/xsize.h cvs-nserver-1.11.1.52/lib/xsize.h | |
166 | --- cvs-nserver-1.11.1.52.org/lib/xsize.h 1970-01-01 01:00:00.000000000 +0100 | |
167 | +++ cvs-nserver-1.11.1.52/lib/xsize.h 2004-06-11 15:14:13.015808728 +0200 | |
168 | @@ -0,0 +1,108 @@ | |
169 | +/* xsize.h -- Checked size_t computations. | |
170 | + | |
171 | + Copyright (C) 2003 Free Software Foundation, Inc. | |
172 | + | |
173 | + This program is free software; you can redistribute it and/or modify | |
174 | + it under the terms of the GNU General Public License as published by | |
175 | + the Free Software Foundation; either version 2, or (at your option) | |
176 | + any later version. | |
177 | + | |
178 | + This program is distributed in the hope that it will be useful, | |
179 | + but WITHOUT ANY WARRANTY; without even the implied warranty of | |
180 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
181 | + GNU General Public License for more details. | |
182 | + | |
183 | + You should have received a copy of the GNU General Public License | |
184 | + along with this program; if not, write to the Free Software Foundation, | |
185 | + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ | |
186 | + | |
187 | +#ifndef _XSIZE_H | |
188 | +#define _XSIZE_H | |
189 | + | |
190 | +/* Get size_t. */ | |
191 | +#include <stddef.h> | |
192 | + | |
193 | +/* Get SIZE_MAX. */ | |
194 | +#include <limits.h> | |
195 | +#if HAVE_STDINT_H | |
196 | +# include <stdint.h> | |
197 | +#endif | |
198 | + | |
199 | +/* The size of memory objects is often computed through expressions of | |
200 | + type size_t. Example: | |
201 | + void* p = malloc (header_size + n * element_size). | |
202 | + These computations can lead to overflow. When this happens, malloc() | |
203 | + returns a piece of memory that is way too small, and the program then | |
204 | + crashes while attempting to fill the memory. | |
205 | + To avoid this, the functions and macros in this file check for overflow. | |
206 | + The convention is that SIZE_MAX represents overflow. | |
207 | + malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc | |
208 | + implementation that uses mmap --, it's recommended to use size_overflow_p() | |
209 | + or size_in_bounds_p() before invoking malloc(). | |
210 | + The example thus becomes: | |
211 | + size_t size = xsum (header_size, xtimes (n, element_size)); | |
212 | + void *p = (size_in_bounds_p (size) ? malloc (size) : NULL); | |
213 | +*/ | |
214 | + | |
215 | +/* Convert an arbitrary value >= 0 to type size_t. */ | |
216 | +#define xcast_size_t(N) \ | |
217 | + ((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX) | |
218 | + | |
219 | +/* Sum of two sizes, with overflow check. */ | |
220 | +static inline size_t | |
221 | +#if __GNUC__ >= 3 | |
222 | +__attribute__ ((__pure__)) | |
223 | +#endif | |
224 | +xsum (size_t size1, size_t size2) | |
225 | +{ | |
226 | + size_t sum = size1 + size2; | |
227 | + return (sum >= size1 ? sum : SIZE_MAX); | |
228 | +} | |
229 | + | |
230 | +/* Sum of three sizes, with overflow check. */ | |
231 | +static inline size_t | |
232 | +#if __GNUC__ >= 3 | |
233 | +__attribute__ ((__pure__)) | |
234 | +#endif | |
235 | +xsum3 (size_t size1, size_t size2, size_t size3) | |
236 | +{ | |
237 | + return xsum (xsum (size1, size2), size3); | |
238 | +} | |
239 | + | |
240 | +/* Sum of four sizes, with overflow check. */ | |
241 | +static inline size_t | |
242 | +#if __GNUC__ >= 3 | |
243 | +__attribute__ ((__pure__)) | |
244 | +#endif | |
245 | +xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) | |
246 | +{ | |
247 | + return xsum (xsum (xsum (size1, size2), size3), size4); | |
248 | +} | |
249 | + | |
250 | +/* Maximum of two sizes, with overflow check. */ | |
251 | +static inline size_t | |
252 | +#if __GNUC__ >= 3 | |
253 | +__attribute__ ((__pure__)) | |
254 | +#endif | |
255 | +xmax (size_t size1, size_t size2) | |
256 | +{ | |
257 | + /* No explicit check is needed here, because for any n: | |
258 | + max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ | |
259 | + return (size1 >= size2 ? size1 : size2); | |
260 | +} | |
261 | + | |
262 | +/* Multiplication of a count with an element size, with overflow check. | |
263 | + The count must be >= 0 and the element size must be > 0. | |
264 | + This is a macro, not an inline function, so that it works correctly even | |
265 | + when N is of a wider tupe and N > SIZE_MAX. */ | |
266 | +#define xtimes(N, ELSIZE) \ | |
267 | + ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX) | |
268 | + | |
269 | +/* Check for overflow. */ | |
270 | +#define size_overflow_p(SIZE) \ | |
271 | + ((SIZE) == SIZE_MAX) | |
272 | +/* Check against overflow. */ | |
273 | +#define size_in_bounds_p(SIZE) \ | |
274 | + ((SIZE) != SIZE_MAX) | |
275 | + | |
276 | +#endif /* _XSIZE_H */ | |
277 | diff -urN cvs-nserver-1.11.1.52.org/src/commit.c cvs-nserver-1.11.1.52/src/commit.c | |
278 | --- cvs-nserver-1.11.1.52.org/src/commit.c 2004-06-11 15:13:22.631468312 +0200 | |
279 | +++ cvs-nserver-1.11.1.52/src/commit.c 2004-06-11 15:14:13.030806448 +0200 | |
280 | @@ -476,7 +476,12 @@ | |
281 | operate on, and only work with those files in the future. | |
282 | This saves time--we don't want to search the file system | |
283 | of the working directory twice. */ | |
284 | - find_args.argv = (char **) xmalloc (find_args.argc * sizeof (char **)); | |
285 | + if (size_overflow_p (xtimes (find_args.argc, sizeof (char **)))) | |
286 | + { | |
287 | + find_args.argc = 0; | |
288 | + return 0; | |
289 | + } | |
290 | + find_args.argv = xmalloc (xtimes (find_args.argc, sizeof (char **))); | |
291 | find_args.argc = 0; | |
292 | walklist (find_args.ulist, copy_ulist, &find_args); | |
293 | ||
294 | diff -urN cvs-nserver-1.11.1.52.org/src/cvs.h cvs-nserver-1.11.1.52/src/cvs.h | |
295 | --- cvs-nserver-1.11.1.52.org/src/cvs.h 2004-06-11 15:13:22.711456152 +0200 | |
296 | +++ cvs-nserver-1.11.1.52/src/cvs.h 2004-06-11 15:14:13.039805080 +0200 | |
297 | @@ -37,6 +37,10 @@ | |
298 | #include "popen.h" | |
299 | #endif | |
300 | ||
301 | +/* Begin GNULIB headers. */ | |
302 | +#include "xsize.h" | |
303 | +/* End GNULIB headers. */ | |
304 | + | |
305 | #ifdef STDC_HEADERS | |
306 | #include <stdlib.h> | |
307 | #else | |
308 | diff -urN cvs-nserver-1.11.1.52.org/src/filesubr.c cvs-nserver-1.11.1.52/src/filesubr.c | |
309 | --- cvs-nserver-1.11.1.52.org/src/filesubr.c 2004-06-11 15:13:22.638467248 +0200 | |
310 | +++ cvs-nserver-1.11.1.52/src/filesubr.c 2004-06-11 15:14:13.042804624 +0200 | |
311 | @@ -925,8 +925,14 @@ | |
312 | char ***pargv; | |
313 | { | |
314 | int i; | |
315 | + if (size_overflow_p (xtimes (argc, sizeof (char *)))) { | |
316 | + *pargc = 0; | |
317 | + *pargv = NULL; | |
318 | + error (0, 0, "expand_wild: too many arguments"); | |
319 | + return; | |
320 | + } | |
321 | *pargc = argc; | |
322 | - *pargv = (char **) xmalloc (argc * sizeof (char *)); | |
323 | + *pargv = xmalloc (xtimes (argc, sizeof (char *))); | |
324 | for (i = 0; i < argc; ++i) | |
325 | (*pargv)[i] = xstrdup (argv[i]); | |
326 | } | |
327 | diff -urN cvs-nserver-1.11.1.52.org/src/history.c cvs-nserver-1.11.1.52/src/history.c | |
328 | --- cvs-nserver-1.11.1.52.org/src/history.c 2004-06-11 15:13:22.642466640 +0200 | |
329 | +++ cvs-nserver-1.11.1.52/src/history.c 2004-06-11 15:14:13.046804016 +0200 | |
330 | @@ -417,8 +417,11 @@ | |
331 | working = 1; | |
332 | break; | |
333 | case 'X': /* Undocumented debugging flag */ | |
334 | +#ifdef DEBUG | |
335 | histfile = optarg; | |
336 | +#endif | |
337 | break; | |
338 | + | |
339 | case 'D': /* Since specified date */ | |
340 | if (*since_rev || *since_tag || *backto) | |
341 | { | |
342 | @@ -900,9 +903,13 @@ | |
343 | { | |
344 | if (user_count == user_max) | |
345 | { | |
346 | - user_max += USER_INCREMENT; | |
347 | - user_list = (char **) xrealloc ((char *) user_list, | |
348 | - (int) user_max * sizeof (char *)); | |
349 | + user_max = xsum (user_max, USER_INCREMENT); | |
350 | + if (size_overflow_p (xtimes (user_max, sizeof (char *)))) | |
351 | + { | |
352 | + error (0, 0, "save_user: too many users"); | |
353 | + return; | |
354 | + } | |
355 | + user_list = xrealloc (user_list, xtimes (user_max, sizeof (char *))); | |
356 | } | |
357 | user_list[user_count++] = xstrdup (name); | |
358 | } | |
359 | @@ -930,9 +937,13 @@ | |
360 | ||
361 | if (file_count == file_max) | |
362 | { | |
363 | - file_max += FILE_INCREMENT; | |
364 | - file_list = (struct file_list_str *) xrealloc ((char *) file_list, | |
365 | - file_max * sizeof (*fl)); | |
366 | + file_max = xsum (file_max, FILE_INCREMENT); | |
367 | + if (size_overflow_p (xtimes (file_max, sizeof (*fl)))) | |
368 | + { | |
369 | + error (0, 0, "save_file: too many files"); | |
370 | + return; | |
371 | + } | |
372 | + file_list = xrealloc (file_list, xtimes (file_max, sizeof (*fl))); | |
373 | } | |
374 | fl = &file_list[file_count++]; | |
375 | fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2); | |
376 | @@ -971,9 +982,13 @@ | |
377 | { | |
378 | if (mod_count == mod_max) | |
379 | { | |
380 | - mod_max += MODULE_INCREMENT; | |
381 | - mod_list = (char **) xrealloc ((char *) mod_list, | |
382 | - mod_max * sizeof (char *)); | |
383 | + mod_max = xsum (mod_max, MODULE_INCREMENT); | |
384 | + if (size_overflow_p (xtimes (mod_max, sizeof (char *)))) | |
385 | + { | |
386 | + error (0, 0, "save_module: too many modules"); | |
387 | + return; | |
388 | + } | |
389 | + mod_list = xrealloc (mod_list, xtimes (mod_max, sizeof (char *))); | |
390 | } | |
391 | mod_list[mod_count++] = xstrdup (module); | |
392 | } | |
393 | diff -urN cvs-nserver-1.11.1.52.org/src/server.c cvs-nserver-1.11.1.52/src/server.c | |
394 | --- cvs-nserver-1.11.1.52.org/src/server.c 2004-06-11 15:13:22.702457520 +0200 | |
395 | +++ cvs-nserver-1.11.1.52/src/server.c 2004-06-11 15:20:44.835243120 +0200 | |
396 | @@ -914,7 +914,7 @@ | |
397 | int i; | |
398 | char *p; | |
399 | ||
400 | - if (lim < 0) | |
401 | + if (lim < 0 || lim > 10000) | |
402 | return; | |
403 | p = malloc (strlen (server_temp_dir) + 2 * lim + 10); | |
404 | if (p == NULL) | |
405 | @@ -1977,6 +1977,9 @@ | |
406 | { | |
407 | char *cp; | |
408 | ||
409 | + if (!data[0]) | |
410 | + goto error; | |
411 | + | |
412 | if (strchr (data, '+')) | |
413 | goto error; | |
414 | ||
415 | @@ -2108,6 +2111,14 @@ | |
416 | char *p; | |
417 | ||
418 | if (error_pending()) return; | |
419 | + | |
420 | + if (argument_count >= 10000) | |
421 | + { | |
422 | + if (alloc_pending (80)) | |
423 | + sprintf (pending_error_text, | |
424 | + "E Protocol error: too many arguments"); | |
425 | + return; | |
426 | + } | |
427 | ||
428 | if (argument_vector_size <= argument_count + 1) | |
429 | { | |
430 | @@ -2139,6 +2150,14 @@ | |
431 | char *p; | |
432 | ||
433 | if (error_pending()) return; | |
434 | + | |
435 | + if (argument_count <= 1) | |
436 | + { | |
437 | + if (alloc_pending (80)) | |
438 | + sprintf (pending_error_text, | |
439 | + "E Protocol error: called argumentx without prior call to argument"); | |
440 | + return; | |
441 | + } | |
442 | ||
443 | p = argument_vector[argument_count - 1]; | |
444 | p = realloc (p, strlen (p) + 1 + strlen (arg) + 1); | |
445 | @@ -2496,7 +2515,7 @@ | |
446 | save some code here... -kff */ | |
447 | ||
448 | /* Chop newline by hand, for strcmp()'s sake. */ | |
449 | - if (linebuf[num_red - 1] == '\n') | |
450 | + if (num_red > 0 && linebuf[num_red - 1] == '\n') | |
451 | linebuf[num_red - 1] = '\0'; | |
452 | ||
453 | if (strcmp (linebuf, CVS_Username) == 0) | |
454 | diff -urN cvs-nserver-1.11.1.52.org/src/wrapper.c cvs-nserver-1.11.1.52/src/wrapper.c | |
455 | --- cvs-nserver-1.11.1.52.org/src/wrapper.c 2004-06-11 15:13:22.708456608 +0200 | |
456 | +++ cvs-nserver-1.11.1.52/src/wrapper.c 2004-06-11 15:14:13.083798392 +0200 | |
457 | @@ -252,6 +252,30 @@ | |
458 | #endif /* SERVER_SUPPORT || CLIENT_SUPPORT */ | |
459 | ||
460 | /* | |
461 | + * Remove fmt str specifier other than %% or %s. And allow | |
462 | + * only max_s %s specifiers | |
463 | + */ | |
464 | +wrap_clean_fmt_str(char *fmt, int max_s) | |
465 | +{ | |
466 | + while (*fmt) { | |
467 | + if (fmt[0] == '%' && fmt[1]) | |
468 | + { | |
469 | + if (fmt[1] == '%') | |
470 | + fmt++; | |
471 | + else | |
472 | + if (fmt[1] == 's' && max_s > 0) | |
473 | + { | |
474 | + max_s--; | |
475 | + fmt++; | |
476 | + } else | |
477 | + *fmt = ' '; | |
478 | + } | |
479 | + fmt++; | |
480 | + } | |
481 | + return; | |
482 | +} | |
483 | + | |
484 | +/* | |
485 | * Open a file and read lines, feeding each line to a line parser. Arrange | |
486 | * for keeping a temporary list of wrappers at the end, if the "temp" | |
487 | * argument is set. | |
488 | @@ -575,9 +599,8 @@ | |
489 | args = xmalloc (strlen (e->tocvsFilter) | |
490 | + strlen (fileName) | |
491 | + strlen (buf)); | |
492 | - /* FIXME: sprintf will blow up if the format string contains items other | |
493 | - than %s, or contains too many %s's. We should instead be parsing | |
494 | - e->tocvsFilter ourselves and giving a real error. */ | |
495 | + | |
496 | + wrap_clean_fmt_str(e->tocvsFilter, 2); | |
497 | sprintf (args, e->tocvsFilter, fileName, buf); | |
498 | run_setup (args); | |
499 | run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY ); | |
500 | @@ -609,9 +632,8 @@ | |
501 | ||
502 | args = xmalloc (strlen (e->fromcvsFilter) | |
503 | + strlen (fileName)); | |
504 | - /* FIXME: sprintf will blow up if the format string contains items other | |
505 | - than %s, or contains too many %s's. We should instead be parsing | |
506 | - e->fromcvsFilter ourselves and giving a real error. */ | |
507 | + | |
508 | + wrap_clean_fmt_str(e->fromcvsFilter, 1); | |
509 | sprintf (args, e->fromcvsFilter, fileName); | |
510 | run_setup (args); | |
511 | run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL ); |