From 9562385288501255b025cb8627db06090ad76d19 Mon Sep 17 00:00:00 2001
From: yugui
Date: Thu, 25 Dec 2008 09:51:20 +0000
Subject: merges r20911 and 20921 from trunk into ruby_1_9_1.
* missing/vsnprintf.c (BSD_vfprintf): fix for test_sprintf_comb.rb, by wanabe in [ruby-dev:36935].
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1@20999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 9 +++++++++
 missing/vsnprintf.c | 10 ++++++++--
 sprintf.c | 4 ++--
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index fc20ff9d6..9bd88e233 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Tue Dec 23 00:16:48 2008 Yusuke Endoh
+
+ * sprintf.c (rb_str_format): fix buffer overflow.
+
+Mon Dec 22 12:25:09 2008 Nobuyoshi Nakada
+
+ * missing/vsnprintf.c (BSD_vfprintf): fix for test_sprintf_comb.rb, by
+ wanabe in [ruby-dev:36935].
+
 Mon Dec 22 12:05:14 2008 Nobuyoshi Nakada
 * configure.in (mingw): no longer uses snprintf and vsnprintf of
diff --git a/missing/vsnprintf.c b/missing/vsnprintf.c
index c4326b463..1ea2f143c 100644
--- a/missing/vsnprintf.c
+++ b/missing/vsnprintf.c
@@ -753,6 +753,8 @@ reswitch: switch (ch) {
 #ifdef FLOATING_POINT
 case 'e': /* anomalous precision */
 case 'E':
+ if (prec != 0)
+ flags |= ALT;
 prec = (prec == -1) ? DEFPREC + 1 : prec + 1;
 /* FALLTHROUGH */
@@ -782,7 +784,7 @@ fp_begin: _double = va_arg(ap, double);
 cp = cvt(_double, prec, flags, &softsign, &expt, ch, &ndig);
 if (ch == 'g' || ch == 'G') {
- if (expt <= -4 || expt > prec)
+ if (expt <= -4 || (expt > prec && expt > 1))
 ch = (ch == 'g') ? 'e' : 'E';
 else
 ch = 'g';
@@ -798,6 +800,8 @@ fp_begin: _double = va_arg(ap, double);
 size = expt;
 if (prec || flags & ALT)
 size += prec + 1;
+ } else if (!prec) { /* "0" */
+ size = 1;
 } else /* "0.X" */
 size = prec + 2;
 } else if (expt >= ndig) { /* fixed g fmt */
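Review bot: The condition changes in the `@@ -753` and `@@ -782` hunks have no comment explaining them, and both are hard to verify from the code alone. In the `case 'e'`/`case 'E'` arm, `flags |= ALT` sets the same bit a caller-supplied `#` would set, and it is also set when `prec` is still -1 (unspecified), since that satisfies `prec != 0`. A comment such as `/* nonzero precision: always emit the decimal point */` would say whether both effects are intended, though that wording should be confirmed against cvt(), which is outside the hunk. In the `%g` test, `expt > 1` looks like the C rule that a zero precision is treated as 1, and `/* %g: precision 0 is treated as 1 */` above the condition would record that.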
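Review bot: The new `else if (!prec)` branch in the `@@ -798` hunk sets `size = 1` without consulting `ALT`, but the matching output path in the `@@ -1008` hunk prints a bare "0" only when `(flags & ALT) == 0` and otherwise emits "0." (two bytes). With a `#` flag and zero precision, the computed size and the bytes written would then appear to differ by one. That matters if `size` feeds the padding or the returned length, but its uses are outside the hunk. Consider `} else if (!prec && !(flags & ALT)) { /* "0" */` so the length bookkeeping and the output agree. The enclosing `if` opens above the hunk.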
@@ -1008,13 +1012,15 @@ number: if ((dprec = prec) >= 0)
 if (ch >= 'f') { /* 'f' or 'g' */
 if (_double == 0) { /* kludge for __dtoa irregularity */
- if (prec == 0 ||
+ if (ndig <= 1 &&
 (flags & ALT) == 0) {
 PRINT("0", 1);
 } else {
 PRINT("0.", 2);
 PAD(ndig - 1, zeroes);
 }
+ } else if (expt == 0 && ndig == 0 && (flags & ALT) == 0) {
+ PRINT("0", 1);
 } else if (expt <= 0) {
 PRINT("0.", 2);
 PAD(-expt, zeroes);
diff --git a/sprintf.c b/sprintf.c
index 1195f9b17..cc8f097e5 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -979,8 +979,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 if ((flags & FWIDTH) && need < width)
 need = width;
- CHECK(need);
- snprintf(&buf[blen], need, "%*s", need, "");
+ CHECK(need + 1);
+ snprintf(&buf[blen], need + 1, "%*s", need, "");
 if (flags & FMINUS) {
 if (!isnan(fval) && fval < 0.0)
 buf[blen++] = '-';
-- cgit
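Review bot: With the test rewritten to `ndig <= 1 && (flags & ALT) == 0`, the `else` arm is taken whenever `ALT` is set, including when `ndig` is 0 or 1, so `PAD(ndig - 1, zeroes)` can be handed -1 or 0. PAD is defined outside the hunk; if it does not ignore non-positive counts, guard the call, for example `if (ndig > 1) PAD(ndig - 1, zeroes);`. The `/* kludge for __dtoa irregularity */` comment also no longer describes the condition and could state what `ndig <= 1` stands for. The enclosing `number:` block starts and ends outside the hunk.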
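Review bot: `need + 1` is evaluated twice with no visible upper bound on `need`, which the preceding context line can raise to the format's `width`. If both are `int` (their declarations are outside the hunk), a width at INT_MAX would overflow `need + 1` before CHECK ever sees it. The buffer-overflow fix should therefore reject or clamp such a width ahead of `CHECK(need + 1);`. A short comment such as `/* +1: snprintf also writes the terminating NUL */` would record why the reservation is one larger than the `%*s` field width. rb_str_format's body continues outside the hunk.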