From ee545a48282a2801957a3165ea22084c477450cc Mon Sep 17 00:00:00 2001
From: Mark Pizzolato
Date: Sun, 13 Mar 2022 13:23:05 -0700
Subject: [PATCH] SCP: Assure that all formatted numbers have sufficient buffer space
---
 scp.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/scp.c b/scp.c
index 478f3829..98735615 100644
--- a/scp.c
+++ b/scp.c
@@ -248,6 +248,9 @@
 #ifndef MIN
 #define MIN(a,b) (((a) <= (b)) ? (a) : (b))
 #endif
+/* Max width of a value expressed as a formatted string */
+#define MAX_WIDTH ((int) ((CHAR_BIT * sizeof (t_value) * 4 + 3)/3))
+
 /* search logical and boolean ops */
@@ -6469,7 +6472,7 @@ return SCPE_OK;
 const char *sprint_capac (DEVICE *dptr, UNIT *uptr)
 {
-static char capac_buf[((CHAR_BIT * sizeof (t_value) * 4 + 3)/3) + 12];
+static char capac_buf[MAX_WIDTH + 12];
 t_addr kval = (uptr->flags & UNIT_BINK)? 1024: 1000;
 t_addr mval;
 double remfrac;
@@ -11668,7 +11671,6 @@ return val * negate;
 t_stat sprint_val (char *buffer, t_value val, uint32 radix, uint32 width, uint32 format)
 {
-#define MAX_WIDTH ((int) ((CHAR_BIT * sizeof (t_value) * 4 + 3)/3))
 t_value owtest, wtest;
 t_bool negative = FALSE;
 int32 d, digit, ndigits, commas = 0;
@@ -11679,8 +11681,7 @@ if (((format == PV_LEFTSIGN) || (format == PV_RCOMMASIGN)) &&
 val = (t_value)(-((t_svalue)val));
 negative = TRUE;
 }
-for (d = 0; d < MAX_WIDTH; d++)
- dbuf[d] = (format == PV_RZRO)? '0': ' ';
+memset (dbuf, (format == PV_RZRO)? '0': ' ', MAX_WIDTH);
 dbuf[MAX_WIDTH] = 0;
 d = MAX_WIDTH;
 do {
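Review bot: The comment added with `MAX_WIDTH` at scp.c:248 does not say that the count excludes the terminating NUL, and now that the macro is file-wide it gets used directly as an array size. The sprint_val hunk further down shows the terminator being stored at `dbuf[MAX_WIDTH]`, so a full-width result occupies MAX_WIDTH + 1 bytes. The value also follows `sizeof (t_value)`, so it is not a fixed number across builds. I would word it as `/* Max characters in a formatted t_value, excluding the terminating NUL; destination buffers need MAX_WIDTH + 1 bytes */`.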
@@ -12848,13 +12849,14 @@ if (spc < SIM_BKPT_N_SPC) {
 const char *sim_brk_message(void)
 {
 static char msg[256];
-char addr[65];
+char addr[MAX_WIDTH];
 char buf[32];
 msg[0] = '\0';
 if (sim_vm_sprint_addr) sim_vm_sprint_addr (addr, sim_dflt_dev, (t_value)sim_brk_match_addr);
-else sprint_val (addr, (t_value)sim_brk_match_addr, sim_dflt_dev->aradix, sim_dflt_dev->awidth, PV_LEFT);
+else
+ sprint_val (addr, (t_value)sim_brk_match_addr, sim_dflt_dev->aradix, sim_dflt_dev->awidth, PV_LEFT);
 if (sim_brk_type_desc) {
 BRKTYPTAB *brk = sim_brk_type_desc;
@@ -13771,7 +13773,7 @@ static const char *sim_debug_prefix (uint32 dbits, DEVICE* dptr, UNIT* uptr)
 const char* debug_type = _get_dbg_verb (dbits, dptr, uptr);
 char tim_t[32] = "";
 char tim_a[32] = "";
-char pc_s[64] = "";
+char pc_s[MAX_WIDTH] = "";
 struct timespec time_now;
 if (sim_deb_switches & (SWMASK ('T') | SWMASK ('R') | SWMASK ('A'))) {
@@ -15859,7 +15861,7 @@ return ((*gptr == '\0') && (*string));
 static t_svalue sim_eval_postfix (Stack *stack1, t_stat *stat)
 {
 Stack *stack2 = new_Stack(); /* local working stack2 which is holds the numbers operators */
-char temp_data[CBUFSIZE]; /* Holds the items popped from the stack2 */
+char temp_data[CBUFSIZE + 2]; /* Holds the items popped from the stack2 */
 Operator *temp_op;
 t_svalue temp_val;
 char temp_string[CBUFSIZE + 2];
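Review bot: `char addr[MAX_WIDTH];` in sim_brk_message is one byte short of the worst case, because sprint_val builds up to MAX_WIDTH characters and places its terminator at index MAX_WIDTH (the `dbuf[MAX_WIDTH] = 0;` context line in the sprint_val hunk); `char pc_s[MAX_WIDTH] = "";` in the sim_debug_prefix hunk has the same sizing. Both should be declared with room for the terminator, e.g. `char addr[MAX_WIDTH + 1];`. A second concern is that MAX_WIDTH scales with `sizeof (t_value)`: if t_value is 32 bits in a given build it evaluates to 43, which is smaller than the 65 and 64 bytes these arrays had before, and `sim_vm_sprint_addr` is a VM-supplied formatter that receives no length, so it may have depended on the old size. Whether a full-width string can actually reach these two callers with PV_LEFT depends on the device radix, which is not visible here, and both function bodies continue outside their hunks.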
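Review bot: The `+ 2` on `temp_data` in sim_eval_postfix is unexplained: it now matches `temp_string[CBUFSIZE + 2]` three lines below, but nothing in the hunk says what the two extra bytes hold or which copy needed them. A short comment naming the longest item that can be popped into the buffer, or one shared named size for both arrays, would keep the two declarations from drifting apart again. The writes into `temp_data` happen later in the function, outside this hunk, so whether they are length-checked cannot be confirmed from here.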