From: Kevin Day Date: Sat, 24 Feb 2024 05:35:47 +0000 (-0600) Subject: Security: The fl_print_format_convert() is missing the check on the pointer and updat... X-Git-Tag: 0.6.9~13 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=fb88b35b9f53bb8dc52e8fd867cc65fd7a4fe18b;p=fll Security: The fl_print_format_convert() is missing the check on the pointer and update the related documentation comments. The documentation comments have the status return values in the wrong spot. Relocate them to below the variable. This caused me to notice that this function is missing the standard NULL check on a pointer parameter. The 0.7 versions make this parameter optional. Do the same thing as the 0.7 versions and make this optional. --- diff --git a/level_1/fl_print/c/print.c b/level_1/fl_print/c/print.c index fcf9012..27b56c2 100644 --- a/level_1/fl_print/c/print.c +++ b/level_1/fl_print/c/print.c @@ -34,7 +34,13 @@ extern "C" { if (!stream) return 0; #endif // _di_level_1_parameter_checking_ - return private_fl_print_format_convert(string, stream, ap, status); + if (status) { + return private_fl_print_format_convert(string, stream, ap, status); + } + + f_status_t status_local = F_none; + + return private_fl_print_format_convert(string, stream, ap, &status_local); } #endif // _di_fl_print_format_convert_ diff --git a/level_1/fl_print/c/print.h b/level_1/fl_print/c/print.h index 8fa7284..305a3ac 100644 --- a/level_1/fl_print/c/print.h +++ b/level_1/fl_print/c/print.h 
@@ -241,14 +241,9 @@ extern "C" { * @param ap * The variable arguments list. * @param status - * The status is stored here rather then via the return. - * - * @return - * This returns a string at either the start position (if nothing done or an error occurred) or at the character last processed. - * The caller is expected to increment past this if they wish to continue processing the string. - * - * The status parameter will be set as follows: + * (optional) Set to NULL to not use. * + * The status parameter will be set as follows on return: * F_none on success. * * F_output (with error bit) on failure to print to the output file. @@ -270,6 +265,10 @@ extern "C" { * Errors (with error bit) from: f_print_safely(). * Errors (with error bit) from: f_print_terminated(). * + * @return + * This returns a string at either the start position (if nothing done or an error occurred) or at the character last processed. + * The caller is expected to increment past this if they wish to continue processing the string. + * * @see fputc_unlocked() * * @see f_conversion_number_signed_print()
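Review bot: In the print.c hunk, the NULL branch writes the result into status_local and then discards it, so a caller that passes NULL for status has no way to tell an error from "nothing done": the header comment says both cases return the start position. Either state that limitation in the @param status text or give such callers another signal. As a style point, the two identical calls could be one: declare `f_status_t status_local = F_none;` first and pass `status ? status : &status_local`. It is good that the new handling sits outside the `_di_level_1_parameter_checking_` guard, so the NULL case stays safe when parameter checking is compiled out.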
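Review bot: In the first print.h hunk, the new @param status text "(optional) Set to NULL to not use." replaces the only sentence that said what the parameter is for. Keep a line saying the status is stored here rather than via the return (with "then" corrected to "than"), and add that when NULL is passed the status values listed below are not reported to the caller.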
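Review bot: In the second print.h hunk, the relocated @return block still describes only the two string positions, while the context in print.c shows `if (!stream) return 0;` under parameter checking. Document that a NULL return is possible in that case, so callers do not dereference or increment the result unconditionally.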