]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b33c2d9)
MFH: fix buffer lengths passed to snprintf
authorRob Richards <rrichards@php.net>
Wed, 5 Oct 2005 22:36:10 +0000 (22:36 +0000)
committerRob Richards <rrichards@php.net>
Wed, 5 Oct 2005 22:36:10 +0000 (22:36 +0000)
ext/wddx/php_wddx_api.h patch | blob | history
ext/wddx/wddx.c patch | blob | history

diff --git a/ext/wddx/php_wddx_api.h b/ext/wddx/php_wddx_api.h
index edd788498e571ea26b6d2bd4abdfdc17ff65c278..3c62f7020501c59cb4637f22429d892a88b672c6 100644 (file)
--- a/ext/wddx/php_wddx_api.h
+++ b/ext/wddx/php_wddx_api.h
@@ -47,6 +47,9 @@
 #define WDDX_VAR_S                             "<var name='%s'>"
 #define WDDX_VAR_E                             "</var>"
 
+#define WDDX_NUMBER_LEN                        17
+#define WDDX_VAR_S_LEN                 13
+
 #define php_wddx_add_chunk(packet, str)        smart_str_appends(packet, str)
 #define php_wddx_add_chunk_ex(packet, str, len)        smart_str_appendl(packet, str, len)
 #define php_wddx_add_chunk_static(packet, str) smart_str_appendl(packet, str, sizeof(str)-1)
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 3bd8bcf5969c2aba2eebcfcd9d371b4b10ccb892..14da1cb95262c90a6d360f8a38f16d6b604e520c 100644 (file)
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -422,7 +422,7 @@ static void php_wddx_serialize_number(wddx_packet *packet, zval *var)
        tmp = *var;
        zval_copy_ctor(&tmp);
        convert_to_string(&tmp);
-       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, Z_STRLEN(tmp) + WDDX_NUMBER_LEN + 1, WDDX_NUMBER, Z_STRVAL(tmp));
        zval_dtor(&tmp);
 
        php_wddx_add_chunk(packet, tmp_buf);    
@@ -624,8 +624,8 @@ void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name
 
        if (name) {
                name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               tmp_buf = emalloc(name_esc_len + 1);
-               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
+               tmp_buf = emalloc(name_esc_len + WDDX_VAR_S_LEN + 1);
+               snprintf(tmp_buf, name_esc_len + WDDX_VAR_S_LEN + 1, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
                efree(tmp_buf);
                efree(name_esc);
Unnamed repository; edit this file 'description' to name the repository.