xdump: Avoid undefined pointer arithmetic

s + n is defined only as long as it points into or just beyond the same array as s. Thus, our use of INT_MAX for "unlimited" relies on undefined behavior. Works fine in practice, but avoiding undefined pointer arithmetic isn't hard here, so let's do it. Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
2014-01-27 18:56:05 +01:00 · 2014-01-27 18:56:05 +01:00 · 55857c7b20
commit 55857c7b20
parent 002a3a3f1e
1 changed files with 7 additions and 8 deletions
--- a/src/lib/common/xdump.c
+++ b/src/lib/common/xdump.c
@ -27,7 +27,7 @@
 *  xdump.c: Extended dumps
 *
 *  Known contributors to this file:
- *     Markus Armbruster, 2004-2013
+ *     Markus Armbruster, 2004-2014
 */

 /*
@ -122,20 +122,19 @@ xdeval(struct valstr *val, struct xdstr *xd,
 static void
 xdpresc(struct xdstr *xd, char *str, size_t n)
 {
-    unsigned char *s, *e, *l;
+    unsigned char *s, *e;

    s = (unsigned char *)str;
-    l = s + n;
    for (;;) {
 	for (e = s;
-	     e < l && *e != '"' && *e != '\\' && isgraph(*e);
-	     ++e)
+	     n && *e != '"' && *e != '\\' && isgraph(*e);
+	     e++, n--)
 	    ;
 	xd->pr("%.*s", (int)(e-s), s);
-	if (e < l && *e)
-	    xd->pr("\\%03o", *e++);
-	else
+	if (!n || !*e)
 	    break;
+	xd->pr("\\%03o", *e++);
+	n--;
 	s = e;
    }
 }