From 8a78cac1fb3ec6124c829631d8db2d08ff57ef14 Mon Sep 17 00:00:00 2001 From: Violin Yanev Date: Tue, 3 Sep 2013 11:43:22 +0200 Subject: [PATCH] Fixed a bug in output stream (big floats induced buffer overflow) Change-Id: Ib08e0b6f31f2f38e6972b5b815fcf54eb7db5e35 --- modules/capu/include/capu/util/StringOutputStream.h | 7 ++++--- modules/capu/test/util/StringOutputStreamTest.cpp | 8 ++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/capu/include/capu/util/StringOutputStream.h b/modules/capu/include/capu/util/StringOutputStream.h index af8f770c..bec02938 100644 --- a/modules/capu/include/capu/util/StringOutputStream.h +++ b/modules/capu/include/capu/util/StringOutputStream.h @@ -154,14 +154,15 @@ namespace capu StringOutputStream& StringOutputStream::operator<<(const float_t value) { - char_t buffer[16]; + // Maximum float value has 47 digits. +1 for termination 0 + char_t buffer[48]; switch(mFloatingPointType) { case NORMAL: - StringUtils::Sprintf(buffer, sizeof(buffer), "%f", value); + StringUtils::Sprintf(buffer, sizeof(buffer), "%.6f", value); break; case FIXED: - StringUtils::Sprintf(buffer, 16, "%.4f", value); + StringUtils::Sprintf(buffer, 48, "%.4f", value); break; } diff --git a/modules/capu/test/util/StringOutputStreamTest.cpp b/modules/capu/test/util/StringOutputStreamTest.cpp index 2ae520c8..b7cdfa8c 100644 --- a/modules/capu/test/util/StringOutputStreamTest.cpp +++ b/modules/capu/test/util/StringOutputStreamTest.cpp @@ -15,6 +15,7 @@ */ #include "StringOutputStreamTest.h" +#include "capu/os/NumericLimits.h" namespace capu { @@ -42,6 +43,13 @@ namespace capu EXPECT_EQ(9U, outputStream.length()); } + TEST_F(StringOutputStreamTest, WriteFloatMaximumNegative) + { + outputStream << -capu::generic::NumericLimits::Max(); + outputStream.flush(); + EXPECT_EQ(47U, outputStream.length()); + } + TEST_F(StringOutputStreamTest, WriteInt32) { outputStream << -1059192060;