printf: Limit width modifier to [0..MAXFLD]

When capping the the absolute value of the width modifier in printf(), it must first be cast to an 'unsigned'. This stems from the fact that in two's complement, not all negative numbers have a positive counterpart. Change-Id: I3e6f92f68ab1b8dab48bbf883c5ad4b078a93f87 Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
author: Peter Mitsis <peter.mitsis@windriver.com> 2016-03-18 10:48:02 -0400
committer: Gerrit Code Review <gerrit@zephyrproject.org> 2016-03-19 11:03:54 +0000
commit: 7f14e706ec41fa525612b9519277429652bbaab9 (patch)
tree: f20d54a7b217261e570a81d5157a4ce12644ad66 /lib
parent: de5dd2f0ffe5ba934650c7526126028c4be247ed (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/libc/minimal/source/stdout/prf.c b/lib/libc/minimal/source/stdout/prf.c
index 58ca7f0dd..6e6d829c1 100644
--- a/lib/libc/minimal/source/stdout/prf.c
+++ b/lib/libc/minimal/source/stdout/prf.c
@@ -586,8 +586,15 @@ int _prf(int (*func)(), void *dest, char *format, va_list vargs)
 				c = *format++;
 			}
 
-			if (width > MAXFLD)
+			/*
+			 * If <width> is INT_MIN, then its absolute value can
+			 * not be expressed as a positive number using 32-bit
+			 * two's complement.  To cover that case, cast it to
+			 * an unsigned before comparing it against MAXFLD.
+			 */
+			if ((unsigned) width > MAXFLD) {
 				width = MAXFLD;
+			}
 
 			if (c == '.') {
 				c = *format++;
author	Peter Mitsis <peter.mitsis@windriver.com>	2016-03-18 10:48:02 -0400
committer	Gerrit Code Review <gerrit@zephyrproject.org>	2016-03-19 11:03:54 +0000
commit	7f14e706ec41fa525612b9519277429652bbaab9 (patch)
tree	f20d54a7b217261e570a81d5157a4ce12644ad66 /lib
parent	de5dd2f0ffe5ba934650c7526126028c4be247ed (diff)