manoj 99/11/05 13:16:19
Modified: src/lib/apr/file_io/os2 readwrite.c src/lib/apr/file_io/win32 readwrite.c Log: Rewrite ap_fprintf to be uniform on all platforms. This fixes a memory leak and potential buffer overflow. Revision Changes Path 1.7 +4 -8 apache-2.0/src/lib/apr/file_io/os2/readwrite.c Index: readwrite.c =================================================================== RCS file: /home/cvs/apache-2.0/src/lib/apr/file_io/os2/readwrite.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -u -r1.6 -r1.7 --- readwrite.c 1999/11/03 12:47:22 1.6 +++ readwrite.c 1999/11/05 21:16:16 1.7 @@ -328,7 +328,6 @@ { int cc; va_list ap; - ap_vformatter_buff_t vbuff; char *buf; int len; @@ -336,15 +335,12 @@ if (buf == NULL) { return 0; } - /* save one byte for nul terminator */ - vbuff.curpos = buf; - vbuff.endpos = buf + len - 1; va_start(ap, format); - vsprintf(buf, format, ap); - len = strlen(buf); - cc = ap_write(fptr, buf, &len); + len = ap_vsnprintf(buf, HUGE_STRING_LEN, format, ap); + cc = ap_puts(buf, fptr); va_end(ap); - return (cc == -1) ? len : cc; + free(buf); + return (cc == APR_SUCCESS) ? len : -1; } 1.8 +4 -13 apache-2.0/src/lib/apr/file_io/win32/readwrite.c Index: readwrite.c =================================================================== RCS file: /home/cvs/apache-2.0/src/lib/apr/file_io/win32/readwrite.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -u -r1.7 -r1.8 --- readwrite.c 1999/11/01 22:16:51 1.7 +++ readwrite.c 1999/11/05 21:16:18 1.8 @@ -256,7 +256,6 @@ { int cc; va_list ap; - ap_vformatter_buff_t vbuff; char *buf; int len; @@ -264,20 +263,12 @@ if (buf == NULL) { return 0; } - /* save one byte for nul terminator */ - vbuff.curpos = buf; - vbuff.endpos = buf + len - 1; va_start(ap, format); -#if 0 - cc = ap_vformatter(printf_flush, &vbuff, format, ap); - va_end(ap); - *vbuff.curpos = '\0'; -#endif - vsprintf(buf, format, ap); - len = strlen(buf); - cc = ap_write(fptr, buf, &len); + len = ap_vsnprintf(buf, HUGE_STRING_LEN, format, ap); + cc = ap_puts(buf, fptr); va_end(ap); - return (cc == -1) ? len : cc; + free(buf); + return (cc == APR_SUCCESS) ? len : -1; }