* doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).

diff --git a/src/ChangeLog b/src/ChangeLog
index 555fb95..14727d4 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2011-04-28  Paul Eggert  <eggert@cs.ucla.edu>
+
+       * doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).
+
 2011-04-28  Juanma Barranquero  <lekktu@gmail.com>
 
        * w32.c (init_environment): Warn about defaulting HOME to C:\.

diff --git a/src/doprnt.c b/src/doprnt.c
index 63dba9f..eac1796 100644 (file)
--- a/src/doprnt.c
+++ b/src/doprnt.c
@@ -198,8 +198,12 @@ doprnt (char *buffer, register size_t bufsize, const char *format,
                  while (fmt < format_end
                         && '0' <= fmt[1] && fmt[1] <= '9')
                    {
-                     if (n >= SIZE_MAX / 10
-                         || n * 10 > SIZE_MAX - (fmt[1] - '0'))
+                     /* Avoid int overflow, because many sprintfs seriously
+                        mess up with widths or precisions greater than
+                        INT_MAX.  Avoid size_t overflow, since our counters
+                        use size_t.  This test is slightly conservative, for
+                        speed and simplicity.  */
+                     if (n >= min (INT_MAX, SIZE_MAX) / 10)
                        error ("Format width or precision too large");
                      n = n * 10 + fmt[1] - '0';
                      *string++ = *++fmt;