On 19.03.2009 14:34, svn@coreboot.org wrote:

Author: stuge New Revision: 1159

v3 vtxprintf(): Stop looking for non-ASCII characters after one has been found.

And update the string length. Many thanks to Mathias Krause for spotting this!

Signed-off-by: Peter Stuge peter@stuge.se Acked-by: Peter Stuge peter@stuge.se

Modified: coreboot-v3/lib/vtxprintf.c

--- coreboot-v3/lib/vtxprintf.c 2009-03-19 12:53:57 UTC (rev 1158) +++ coreboot-v3/lib/vtxprintf.c 2009-03-19 13:34:53 UTC (rev 1159) @@ -202,8 +202,11 @@ len = strnlen(s, precision);

	for (i = 0; i < len; ++i)

• 		if (!isprint(*s[i]))
  

• 		if (!isprint(*s[i])) {
  		s = "<non-ASCII characters>";
  

• 			len = strlen(s);
  
  

Shouldn't that be

len = strnlen(s, precision);

to avoid overflowing any buffers? Sure, the message may be truncated due to that, but I prefer truncation to buffer overflows.

• 			break;
  

• 		}
  if (!(flags & LEFT))
  	while (len < field_width--)
  		tx_byte(' ', arg), count++;
  
  

Reminds me of the old saying: "Fixing one bug creates another." No offense intended.

I hope that we get enough GSoC slots to find someone for the code checker project.

Regards, Carl-Daniel