size *= 2; \
XMALLOC_OR_ALLOCA(buf,size,type); \
ret = 0; \
- } else if ( ret > size ) { \
+ } else if ( (size_t)ret > (size_t)size ) { \
/* We need more space, so we need to allocate it */ \
XMALLOC_UNBIND(buf,size,spec); \
size = ret + 1; \
{
char buf[sizeof(value)*2+1];
int n = snprintf(buf,sizeof(buf),"0x%p",value);
- assert(n>=0 && n<sizeof(buf));
+ assert(n>=0 && (size_t)n<sizeof(buf));
write_c_string(buf,stream);
}
* re-writing _doprnt to be more sane)?
* -wsr
*/
-void float_to_string(char *buf, fpfloat data)
+void float_to_string(char *buf, fpfloat data, int maxlen)
{
Bufbyte *cp, c;
- int width;
+ int width, sz;
if (NILP(Vfloat_output_format) || !STRINGP(Vfloat_output_format)) {
lose:
#if fpfloat_double_p
- sprintf(buf, "%.16g", data);
+ sz = snprintf(buf, maxlen, "%.16g", data);
#elif fpfloat_long_double_p
- sprintf(buf, "%.16Lg", data);
+ sz = snprintf(buf, maxlen, "%.16Lg", data);
#endif
+ assert(sz>=0 && sz<maxlen);
} else { /* oink oink */
/* Check that the spec we have is fully valid.
if (cp[1] != 0)
goto lose;
- sprintf(buf, (char *)XSTRING_DATA(Vfloat_output_format), data);
+ sz = snprintf(buf, maxlen,
+ (char *)XSTRING_DATA(Vfloat_output_format), data);
+ assert(sz>=0 && sz < maxlen);
}
/* added by jwz: don't allow "1.0" to print as "1"; that destroys
{
Bufbyte *s = (Bufbyte *) buf; /* don't use signed chars here!
isdigit() can't hack them! */
- if (*s == '-')
+ if (*s == '-') {
s++;
+ maxlen--;
+ assert(maxlen>0);
+ }
for (; *s; s++)
/* if there's a non-digit, then there is a decimal point, or
it's in exponential notation, both of which are ok. */
if (!isdigit(*s))
goto DONE_LABEL;
/* otherwise, we need to hack it. */
+ maxlen-=2;
+ assert(maxlen>0);
*s++ = '.';
*s++ = '0';
*s = 0;
/* Some machines print "0.4" as ".4". I don't like that. */
if (buf[0] == '.' || (buf[0] == '-' && buf[1] == '.')) {
+ assert(maxlen>0);
int i;
for (i = strlen(buf) + 1; i >= 0; i--)
buf[i + 1] = buf[i];
#endif /* HAVE_FPFLOAT */
/* Print NUMBER to BUFFER.
- This is equivalent to sprintf (buffer, "%ld", number), only much faster.
+ This is equivalent to snprintf (buffer, maxlen, "%ld", number), only much faster.
BUFFER should accept 24 bytes. This should suffice for the longest
numbers on 64-bit machines, including the `-' sign and the trailing
'\0'. Returns a pointer to the trailing '\0'. */
-char *long_to_string(char *buffer, long number)
+char *long_to_string(char *buffer, long number, int maxlen)
{
#if (SIZEOF_LONG != 4) && (SIZEOF_LONG != 8)
/* Huh? */
- sprintf(buffer, "%ld", number);
+ int sz = snprintf(buffer, maxlen, "%ld", number);
+ assert(sz>=0 && sz < maxlen);
return buffer + strlen(buffer);
#else /* (SIZEOF_LONG == 4) || (SIZEOF_LONG == 8) */
char *p = buffer;
*p++ = '-';
number = -number;
}
-#define FROB(figure) do { \
- if (force || number >= figure) \
- *p++ = number / figure + '0', number %= figure, force = 1; \
- } while (0)
+#define FROB(figure) \
+ do { \
+ if (force || number >= figure) { \
+ *p++ = number / figure + '0'; \
+ number %= figure; \
+ force = 1; \
+ --maxlen; \
+ assert(maxlen>0); \
+ } \
+ } while (0)
#if SIZEOF_LONG == 8
FROB(1000000000000000000L);
FROB(100000000000000000L);
badness_string, badness);
break;
}
- assert(len >= 0 && len < sizeof(buf));
+ assert(len >= 0 && (size_t)len < sizeof(buf));
/* Don't abort or signal if called from debug_print() or already
crashing */
if (EQ(obj, being_printed[i])) {
char buf[32];
*buf = '#';
- long_to_string(buf + 1, i);
+ long_to_string(buf + 1, i, sizeof(buf)-1);
write_c_string(buf, printcharfun);
return;
}
/* ASCII Decimal representation uses 2.4 times as many bits as
machine binary. */
char buf[3 * sizeof(EMACS_INT) + 5];
- long_to_string(buf, XINT(obj));
+ long_to_string(buf, XINT(obj),sizeof(buf));
write_c_string(buf, printcharfun);
break;
}