From 466ba97d68bf289aef6c62ba449957def1291e0f Mon Sep 17 00:00:00 2001
From: "H. Peter Anvin" <hpa@zytor.com>
Date: Tue, 14 Jul 2009 14:48:26 -0400
Subject: [PATCH] quote: don't use sprintf()

There is no point in using sprintf(), and it adds the possibility of
either bugs due to the output not matching what the byte count loop is
expecting, or just cause people to freak out due to the notion that
"sprinf is unsafe".

Reported-by: Ed Beroset <beroset@mindspring.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
---
 quote.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/quote.c b/quote.c
index 3aca4403..5381d043 100644
--- a/quote.c
+++ b/quote.c
@@ -85,12 +85,15 @@ char *nasm_quote(char *str, size_t len)
 		    break;
 		default:
 		    c1 = (p+1 < ep) ? p[1] : 0;
-		    if (c > 077 || (c1 >= '0' && c1 <= '7'))
-			qlen += 4; /* Must use the full form */
-		    else if (c > 07)
-			qlen += 3;
+		    if (c1 >= '0' && c1 <= '7')
+			c1 = 0377; /* Must use the full form */
 		    else
-			qlen += 2;
+			c1 = c;
+		    if (c1 > 077)
+			qlen++;
+		    if (c1 > 07)
+			qlen++;
+		    qlen += 2;
 		    break;
 		}
 	    } else {
@@ -155,9 +158,16 @@ char *nasm_quote(char *str, size_t len)
 		if (c < ' ' || c > '~') {
 		    c1 = (p+1 < ep) ? p[1] : 0;
 		    if (c1 >= '0' && c1 <= '7')
-			q += sprintf(q, "\\%03o", (unsigned char)c);
+			c1 = 0377; /* Must use the full form */
 		    else
-			q += sprintf(q, "\\%o", (unsigned char)c);
+			c1 = c;
+		    *q++ = '\\';
+		    if (c1 > 077)
+			*q++ = (c >> 6) + '0';
+		    if (c1 > 07)
+			*q++ = ((c >> 3) & 7) + '0';
+		    *q++ = (c & 7) + '0';
+		    break;
 		} else {
 		    *q++ = c;
 		}
-- 
2.11.4.GIT