From 8a025b7b63ced493630f92c3910976e070e02e7d Mon Sep 17 00:00:00 2001
From: ghazi <ghazi@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Wed, 17 May 2000 14:43:50 +0000
Subject: [PATCH] 	* fixinc/fixfixes.c (char_macro_use_fix,
 char_macro_def_fix): 	Don't check the return value of sprintf.  Use asprintf
 to avoid 	buffer overflows.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@33955 138bc75d-0d04-0410-961f-82ee72b054a4
---
 gcc/ChangeLog         |  6 ++++++
 gcc/fixinc/fixfixes.c | 23 ++++++++++++++---------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 1e597c4..b0b621d 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,9 @@
+2000-05-17  Kaveh R. Ghazi  <ghazi@caip.rutgers.edu>
+
+	* fixinc/fixfixes.c (char_macro_use_fix, char_macro_def_fix):
+	Don't check the return value of sprintf.  Use asprintf to avoid
+	buffer overflows.
+
 Wed May 17 17:27:44 2000  Andrew Cagney  <cagney@b1.cygnus.com>
 
 	* flags.h (warn_unused_function, warn_unused_label,
diff --git a/gcc/fixinc/fixfixes.c b/gcc/fixinc/fixfixes.c
index 35dfc361..0aa2cd7 100644
--- a/gcc/fixinc/fixfixes.c
+++ b/gcc/fixinc/fixfixes.c
@@ -296,7 +296,7 @@ FIX_PROC_HEAD( char_macro_use_fix )
 #endif
     ;
 
-  char zPat[ sizeof( zPatFmt ) + 32 ];
+  char *pz_pat;
 
   static regex_t re;
 
@@ -309,13 +309,15 @@ FIX_PROC_HEAD( char_macro_use_fix )
       exit(3);
     }
 
-  if (sprintf( zPat, zPatFmt, p_fixd->patch_args[1] ) >= sizeof( zPat ))
+  asprintf (&pz_pat, zPatFmt, p_fixd->patch_args[1]);
+  if (!pz_pat)
     {
-      fprintf( stderr, "Oversize format:  %s\n", zPat );
+      fprintf( stderr, "Virtual memory exhausted\n" );
       exit(3);
     }
 
-  compile_re (zPat, &re, 2, "macro pattern", "char_macro_use_fix");
+  compile_re (pz_pat, &re, 2, "macro pattern", "char_macro_use_fix");
+  free (pz_pat);
 
   while (regexec (&re, text, 3, rm, 0) == 0)
     {
@@ -378,7 +380,7 @@ FIX_PROC_HEAD( char_macro_def_fix )
 #endif
     ;
 
-  char zPat[ sizeof( zPatFmt ) + 32 ];
+  char *pz_pat;
 
   static regex_t re;
 
@@ -393,20 +395,23 @@ FIX_PROC_HEAD( char_macro_def_fix )
       exit(3);
     }
 
-  if (sprintf( zPat, zPatFmt, p_fixd->patch_args[1] ) >= sizeof( zPat ))
+  asprintf (&pz_pat, zPatFmt, p_fixd->patch_args[1]);
+  if (!pz_pat)
     {
-      fprintf( stderr, "Oversize format:  %s\n", zPat );
+      fprintf (stderr, "Virtual memory exhausted\n");
       exit(3);
     }
 
-  compile_re (zPat, &re, 1, "macro pattern", "char_macro_def_fix");
+  compile_re (pz_pat, &re, 1, "macro pattern", "char_macro_def_fix");
 
   if ((rerr = regexec (&re, text, 3, rm, 0)) != 0)
     {
-      fprintf( stderr, "Match error %d:\n%s\n", rerr, zPat );
+      fprintf( stderr, "Match error %d:\n%s\n", rerr, pz_pat );
       exit(3);
     }
 
+  free (pz_pat);
+  
   while ((rerr = regexec (&re, text, 3, rm, 0)) == 0)
     {
       const char* pz = text + rm[2].rm_so;
-- 
2.7.4