| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to avoid bugs like http://code.google.com/p/chromium/issues/detail?id=118064 in the future. Positional parameters are supported by the VC++ runtime via the set of "_p" flavored printf-like routines. MSDN claims that "By default the positional functions behave identically to the non position ones, if no positional formatting is present."
There is a little difference that require some attention though. Currently base::vsnprintf and base::vswprintf wrappers use "_s" functions (so called "security enhanced versions"). Judging by looking at the CRT code, _p functions implement the same checks as _s ones do. The base wrappers call the CRT routines so that count == (sizeOfBuffer - 1). This reduces most of the additional code in _vsnprintf_s (comparing to _vsprintf_p) to no-op. Namely:
1. When truncation happens the tail of the buffer is filled with a pattern:
_SECURECRT__FILL_STRING(string, sizeInBytes, count + 1);
This does not happen in our case because sizeInBytes == count + 1.
2. The special case check shown below was never true since sizeInBytes != count in our case:
if (count == 0 && string == NULL && sizeInBytes == 0)
3. The following checks in _vsnprintf_s are also implemented in _vsnprintf_helper:
_VALIDATE_RETURN(format != NULL, EINVAL, -1);
_VALIDATE_RETURN(string != NULL && sizeInBytes > 0, EINVAL, -1);
The only remaining difference between _vsnprintf_s and _vsprintf_p is that the former NULL-terminates the buffer and fills the rest a pattern if _vsnprintf_helper failed because of any reason other than truncation:
string[0] = 0;
_SECURECRT__FILL_STRING(string, sizeInBytes, 1);
This CL write NULL to the end of the buffer in any error case (truncation or other reason).
Review URL: http://codereview.chromium.org/9702002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127788 0039d316-1c4b-4281-b951-d872f2087c98
|
