od: Don't advance past end of type string
Currently, if you specify -t x, then s is advanced once in the switch statement to determine the length, and then once again in the for loop, resulting in a read past the end of the argument. Also, use sizeof(int) when no length is specified, as specified by POSIX.
This commit is contained in:
Michael Forney
sin
parent
5ae2793da6
commit
49e1854600
20
od.c
20
od.c
|
|
@ -196,7 +196,7 @@ main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
struct type *t;
|
struct type *t;
|
||||||
int ret = 0;
|
int ret = 0, len;
|
||||||
char *s;
|
char *s;
|
||||||
|
|
||||||
big_endian = (*(uint16_t *)"\0\xff" == 0xff);
|
big_endian = (*(uint16_t *)"\0\xff" == 0xff);
|
||||||
|
|
@ -244,30 +244,28 @@ main(int argc, char *argv[])
|
||||||
case 'o':
|
case 'o':
|
||||||
case 'u':
|
case 'u':
|
||||||
case 'x':
|
case 'x':
|
||||||
t = emalloc(sizeof(*t));
|
|
||||||
t->format = *s;
|
|
||||||
/* todo: allow multiple digits */
|
/* todo: allow multiple digits */
|
||||||
if (*(s+1) > '0' && *(s+1) <= '9') {
|
if (*(s+1) > '0' && *(s+1) <= '9') {
|
||||||
t->len = *(++s) - '0';
|
len = *(s+1) - '0';
|
||||||
} else {
|
} else {
|
||||||
switch (*(++s)) {
|
switch (*(s+1)) {
|
||||||
case 'C':
|
case 'C':
|
||||||
t->len = sizeof(char);
|
len = sizeof(char);
|
||||||
break;
|
break;
|
||||||
case 'S':
|
case 'S':
|
||||||
t->len = sizeof(short);
|
len = sizeof(short);
|
||||||
break;
|
break;
|
||||||
case 'I':
|
case 'I':
|
||||||
t->len = sizeof(int);
|
len = sizeof(int);
|
||||||
break;
|
break;
|
||||||
case 'L':
|
case 'L':
|
||||||
t->len = sizeof(long);
|
len = sizeof(long);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
t->len = 4;
|
len = sizeof(int);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
TAILQ_INSERT_TAIL(&head, t, entry);
|
addtype(*s++, len);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
usage();
|
usage();
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user