mirrors/Nim
1
0
Fork 0
mirror of https://github.com/nim-lang/Nim.git synced 2025-12-28 17:04:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixes #23304; uses snprintf instead of sprintf (#23322)

Browse Source 
fixes #23304

(cherry picked from commit dfd778d056)
This commit is contained in:
ringabout
2024-02-20 14:28:45 +08:00
committed by narimiran
parent 845be91df5
commit 6d38eafda1
4 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/pure/strutils.nim
View File

@@ -2417,8 +2417,8 @@ func validIdentifier*(s: string): bool {.rtl, extern: "nsuValidIdentifier".} =
# floating point formatting:
when not defined(js):
func c_sprintf(buf, frmt: cstring): cint {.header: "<stdio.h>",
importc: "sprintf", varargs.}
func c_snprintf(buf: cstring, n: csize_t, frmt: cstring): cint {.header: "<stdio.h>",
importc: "snprintf", varargs.}
type
FloatFormatMode* = enum
@@ -2451,7 +2451,7 @@ func formatBiggestFloat*(f: BiggestFloat, format: FloatFormatMode = ffDefault,
when defined(js):
var precision = precision
if precision == -1:
# use the same default precision as c_sprintf
# use the same default precision as c_snprintf
precision = 6
var res: cstring
case format
@@ -2482,11 +2482,11 @@ func formatBiggestFloat*(f: BiggestFloat, format: FloatFormatMode = ffDefault,
frmtstr[3] = '*'
frmtstr[4] = floatFormatToChar[format]
frmtstr[5] = '\0'
L = c_sprintf(cast[cstring](addr buf), cast[cstring](addr frmtstr), precision, f)
L = c_snprintf(cast[cstring](addr buf), csize_t(2501), cast[cstring](addr frmtstr), precision, f)
else:
frmtstr[1] = floatFormatToChar[format]
frmtstr[2] = '\0'
L = c_sprintf(cast[cstring](addr buf), cast[cstring](addr frmtstr), f)
L = c_snprintf(cast[cstring](addr buf), csize_t(2501), cast[cstring](addr frmtstr), f)
result = newString(L)
for i in 0 ..< L:
# Depending on the locale either dot or comma is produced,

6
lib/std/formatfloat.nim
View File

@@ -35,8 +35,8 @@ proc writeFloatToBufferRoundtrip*(buf: var array[65, char]; value: float32): int
result = float32ToChars(buf, value, forceTrailingDotZero=true).int
buf[result] = '\0'
proc c_sprintf(buf, frmt: cstring): cint {.header: "<stdio.h>",
importc: "sprintf", varargs, noSideEffect.}
proc c_snprintf(buf: cstring, n: csize_t, frmt: cstring): cint {.header: "<stdio.h>",
importc: "snprintf", varargs, noSideEffect.}
proc writeToBuffer(buf: var array[65, char]; value: cstring) =
var i = 0
@@ -49,7 +49,7 @@ proc writeFloatToBufferSprintf*(buf: var array[65, char]; value: BiggestFloat):
##
## returns the amount of bytes written to `buf` not counting the
## terminating '\0' character.
var n = c_sprintf(cast[cstring](addr buf), "%.16g", value).int
var n = c_snprintf(cast[cstring](addr buf), 65, "%.16g", value).int
var hasDot = false
for i in 0..n-1:
if buf[i] == ',':

3
lib/system/ansi_c.nim
View File

@@ -187,6 +187,9 @@ proc c_sprintf*(buf, frmt: cstring): cint {.
importc: "sprintf", header: "<stdio.h>", varargs, noSideEffect.}
# we use it only in a way that cannot lead to security issues
proc c_snprintf*(buf: cstring, n: csize_t, frmt: cstring): cint {.
importc: "snprintf", header: "<stdio.h>", varargs, noSideEffect.}
when defined(zephyr) and not defined(zephyrUseLibcMalloc):
proc c_malloc*(size: csize_t): pointer {.
importc: "k_malloc", header: "<kernel.h>".}

2
lib/system/repr.nim
View File

@@ -17,7 +17,7 @@ proc reprFloat(x: float): string {.compilerproc.} = return $x
proc reprPointer(x: pointer): string {.compilerproc.} =
result = newString(60)
let n = c_sprintf(cast[cstring](addr result[0]), "%p", x)
let n = c_snprintf(cast[cstring](addr result[0]), csize_t(60), "%p", x)
setLen(result, n)
proc reprStrAux(result: var string, s: cstring; len: int) =