From bc31d1c7241bb037c6fa4ca0563afe22e99894c0 Mon Sep 17 00:00:00 2001
From: David McCullough
Date: Tue, 17 Sep 2002 01:40:47 +0000
Subject: Fix a memory corruption bug. With gcc, sizeof on a sized array argument to a function returns 4, not 16 as was expected in this code. This caused inet_ntoa to overwrite whatever came before the buffer in the BSS by up to 12 bytes.
---
 libc/inet/addr.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'libc/inet')
diff --git a/libc/inet/addr.c b/libc/inet/addr.c
index 7751b6bc2..df14fd09f 100644
--- a/libc/inet/addr.c
+++ b/libc/inet/addr.c
@@ -84,14 +84,17 @@ unsigned long inet_addr(const char *cp)
 #endif
 #ifdef L_inet_ntoa
-char *inet_ntoa_r(struct in_addr in, char buf[16])
+
+#define INET_NTOA_MAX_LEN 16 /* max 12 digits + 3 '.'s + 1 nul */
+
+char *inet_ntoa_r(struct in_addr in, char buf[INET_NTOA_MAX_LEN])
 {
 unsigned long addr = ntohl(in.s_addr);
 int i;
 char *p, *q;
 q = 0;
- p = buf + sizeof(buf) - 1;
+ p = buf + INET_NTOA_MAX_LEN - 1; /* cannot use sizeof(buf) here */
 for (i=0 ; i < 4 ; i++ ) {
 p = _int10tostr(p, addr & 0xff) - 1;
 addr >>= 8;
@@ -106,7 +109,7 @@ char *inet_ntoa_r(struct in_addr in, char buf[16])
 char *inet_ntoa(struct in_addr in)
 {
- static char buf[16]; /* max 12 digits + 3 '.'s + 1 nul */
+ static char buf[INET_NTOA_MAX_LEN];
 return(inet_ntoa_r(in, buf));
 }
 #endif
-- 
cgit v1.2.3
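Review bot: The bound in `char buf[INET_NTOA_MAX_LEN]` is still not enforced after this change. The parameter is adjusted to `char *buf`, and `p = buf + INET_NTOA_MAX_LEN - 1` trusts every caller of `inet_ntoa_r` to supply at least 16 bytes, so a shorter buffer puts the starting pointer past its end. `INET_NTOA_MAX_LEN` is defined inside addr.c under `#ifdef L_inet_ntoa`, so external callers cannot use it to size their buffer; if the tree's `<netinet/in.h>` provides `INET_ADDRSTRLEN` (also 16), using that name in the prototype would give them one. At minimum I would put `/* buf must point to at least INET_NTOA_MAX_LEN bytes; the array bound is not checked and sizeof(buf) is the pointer size */` above the function. The body of `inet_ntoa_r` continues past the end of this hunk, so how `_int10tostr` writes relative to `p` is not visible here.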