projects
/
pspp
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix buffer overflow reported by John Darrington.
[pspp]
/
src
/
language
/
dictionary
/
numeric.c
diff --git
a/src/language/dictionary/numeric.c
b/src/language/dictionary/numeric.c
index a914b06ac2502012ade383d2c5b5b84fb844f44a..ae9619638c060d0259fe14d8a64a849c66e444ad 100644
(file)
--- a/
src/language/dictionary/numeric.c
+++ b/
src/language/dictionary/numeric.c
@@
-1,5
+1,5
@@
/* PSPP - computes sample statistics.
/* PSPP - computes sample statistics.
- Copyright (C) 1997-9, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1997-9, 2000
, 2006
Free Software Foundation, Inc.
Written by Ben Pfaff <blp@gnu.org>.
This program is free software; you can redistribute it and/or
Written by Ben Pfaff <blp@gnu.org>.
This program is free software; you can redistribute it and/or
@@
-25,9
+25,10
@@
#include <data/procedure.h>
#include <data/variable.h>
#include <language/command.h>
#include <data/procedure.h>
#include <data/variable.h>
#include <language/command.h>
+#include <language/lexer/format-parser.h>
#include <language/lexer/lexer.h>
#include <language/lexer/variable-parser.h>
#include <language/lexer/lexer.h>
#include <language/lexer/variable-parser.h>
-#include <libpspp/
message
.h>
+#include <libpspp/
assertion
.h>
#include <libpspp/message.h>
#include <libpspp/str.h>
#include <libpspp/message.h>
#include <libpspp/str.h>
@@
-36,7
+37,7
@@
/* Parses the NUMERIC command. */
int
/* Parses the NUMERIC command. */
int
-cmd_numeric (
void
)
+cmd_numeric (
struct dataset *ds
)
{
size_t i;
{
size_t i;
@@
-56,12
+57,13
@@
cmd_numeric (void)
/* Get the optional format specification. */
if (lex_match ('('))
{
/* Get the optional format specification. */
if (lex_match ('('))
{
- if (!parse_format_specifier (&f
, 0
))
+ if (!parse_format_specifier (&f))
goto fail;
goto fail;
- if (f
ormats[f.type].cat & FCAT_STRING
)
+ if (f
mt_is_string (f.type)
)
{
{
+ char str[FMT_STRING_LEN_MAX + 1];
msg (SE, _("Format type %s may not be used with a numeric "
msg (SE, _("Format type %s may not be used with a numeric "
-
"variable."), fmt_to_string (&f
));
+
"variable."), fmt_to_string (&f, str
));
goto fail;
}
goto fail;
}
@@
-77,7
+79,7
@@
cmd_numeric (void)
/* Create each variable. */
for (i = 0; i < nv; i++)
{
/* Create each variable. */
for (i = 0; i < nv; i++)
{
- struct variable *new_var = dict_create_var (d
efault_dict
, v[i], 0);
+ struct variable *new_var = dict_create_var (d
ataset_dict (ds)
, v[i], 0);
if (!new_var)
msg (SE, _("There is already a variable named %s."), v[i]);
else
if (!new_var)
msg (SE, _("There is already a variable named %s."), v[i]);
else
@@
-107,7
+109,7
@@
fail:
/* Parses the STRING command. */
int
/* Parses the STRING command. */
int
-cmd_string (
void
)
+cmd_string (
struct dataset *ds
)
{
size_t i;
{
size_t i;
@@
-127,38
+129,25
@@
cmd_string (void)
return CMD_FAILURE;
if (!lex_force_match ('(')
return CMD_FAILURE;
if (!lex_force_match ('(')
- || !parse_format_specifier (&f, 0))
+ || !parse_format_specifier (&f)
+ || !lex_force_match (')'))
goto fail;
goto fail;
- if (!
(formats[f.type].cat & FCAT_STRING
))
+ if (!
fmt_is_string (f.type
))
{
{
+ char str[FMT_STRING_LEN_MAX + 1];
msg (SE, _("Format type %s may not be used with a string "
msg (SE, _("Format type %s may not be used with a string "
-
"variable."), fmt_to_string (&f
));
+
"variable."), fmt_to_string (&f, str
));
goto fail;
}
goto fail;
}
+ if (!fmt_check_output (&f))
+ goto fail;
- if (!lex_match (')'))
- {
- msg (SE, _("`)' expected after output format."));
- goto fail;
- }
-
- switch (f.type)
- {
- case FMT_A:
- width = f.w;
- break;
- case FMT_AHEX:
- width = f.w / 2;
- break;
- default:
- assert (0);
- abort ();
- }
+ width = fmt_var_width (&f);
/* Create each variable. */
for (i = 0; i < nv; i++)
{
/* Create each variable. */
for (i = 0; i < nv; i++)
{
- struct variable *new_var = dict_create_var (d
efault_dict
, v[i],
+ struct variable *new_var = dict_create_var (d
ataset_dict (ds)
, v[i],
width);
if (!new_var)
msg (SE, _("There is already a variable named %s."), v[i]);
width);
if (!new_var)
msg (SE, _("There is already a variable named %s."), v[i]);
@@
-186,14
+175,14
@@
fail:
/* Parses the LEAVE command. */
int
/* Parses the LEAVE command. */
int
-cmd_leave (
void
)
+cmd_leave (
struct dataset *ds
)
{
struct variable **v;
size_t nv;
size_t i;
{
struct variable **v;
size_t nv;
size_t i;
- if (!parse_variables (d
efault_dict
, &v, &nv, PV_NONE))
+ if (!parse_variables (d
ataset_dict (ds)
, &v, &nv, PV_NONE))
return CMD_CASCADING_FAILURE;
for (i = 0; i < nv; i++)
v[i]->leave = true;
return CMD_CASCADING_FAILURE;
for (i = 0; i < nv; i++)
v[i]->leave = true;