Address code review issues

Bogdan Marinescu · Bogdan Marinescu · commit 2a01a54e17b8 · 2018-03-23T10:23:48.000+02:00
- Improved comments to explain the checks on 'result'.
- Check for non-NULL format specifier.
diff --git a/features/minimal-printf/mbed_printf_implementation.c b/features/minimal-printf/mbed_printf_implementation.c
@@ -141,7 +141,8 @@ static void mbed_minimal_formatted_string_string(char* buffer, size_t length, in
  */
 static void mbed_minimal_formatted_string_signed(char* buffer, size_t length, int* result, MBED_SIGNED_STORAGE value)
 {
-    /* only continue if buffer can fit at least 1 characters */
+    /* only continue if buffer can fit at least 1 character and if
+       'result' doesn't overflow */
     if ((*result >= 0) && (*result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))
     {
         MBED_UNSIGNED_STORAGE new_value = 0;
@@ -184,7 +185,8 @@ static void mbed_minimal_formatted_string_signed(char* buffer, size_t length, in
  */
 static void mbed_minimal_formatted_string_unsigned(char* buffer, size_t length, int* result, MBED_UNSIGNED_STORAGE value)
 {
-    /* only continue if buffer can fit at least 1 characters */
+    /* only continue if buffer can fit at least 1 character and if
+       'result' doesn't overflow */
     if ((*result >= 0) && (*result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))
     {
         /* treat 0 as a corner case */
@@ -248,7 +250,8 @@ static void mbed_minimal_formatted_string_hexadecimal(char* buffer, size_t lengt
 {
     bool print_leading_zero = false;
 
-    /* only continue each loop if buffer can fit at least 2 characters */
+    /* only continue each loop if buffer can fit at least 2 characters
+       and if 'result' doesn't overflow */
     for (int index = 7; (*result >= 0) && (*result <= INT_MAX - 2) && ((size_t)*result + 2 <= length) && (index >= 0); index--)
     {
         /* get most significant byte */
@@ -293,7 +296,8 @@ static void mbed_minimal_formatted_string_hexadecimal(char* buffer, size_t lengt
  */
 static void mbed_minimal_formatted_string_void_pointer(char* buffer, size_t length, int* result, const void* value)
 {
-    /* only continue if buffer can fit '0x' and twice the size of a void* */
+    /* only continue if buffer can fit '0x' and twice the size of a void*
+       and if 'result' doesn't overflow */
     size_t needed = 2 + 2 * sizeof(void*);
     if ((*result >= 0) && ((size_t)*result <= INT_MAX - needed) && ((size_t)*result + needed <= length))
     {
@@ -327,7 +331,8 @@ static void mbed_minimal_formatted_string_void_pointer(char* buffer, size_t leng
  */
 static void mbed_minimal_formatted_string_double(char* buffer, size_t length, int* result, double value)
 {
-    /* only continue if buffer can fit at least 1 characters */
+    /* only continue if buffer can fit at least 1 character and if
+       'result' doesn't overflow */
     if ((*result >= 0) && (*result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))
     {
         /* get integer part */
@@ -386,7 +391,8 @@ static void mbed_minimal_formatted_string_double(char* buffer, size_t length, in
  */
 static void mbed_minimal_formatted_string_character(char* buffer, size_t length, int* result, char character)
 {
-    /* only continue if the buffer can fit 1 character */
+    /* only continue if the buffer can fit 1 character and if
+       'result' doesn't overflow */
     if ((*result >= 0) && (*result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))
     {
         /* write character */
@@ -426,7 +432,8 @@ static void mbed_minimal_formatted_string_character(char* buffer, size_t length,
  */
 static void mbed_minimal_formatted_string_string(char* buffer, size_t length, int* result, const char* string)
 {
-    /* only continue if the buffer can fit at least 1 character */
+    /* only continue if the buffer can fit at least 1 character and if
+       'result' doesn't overflow */
     if ((*result >= 0) && (*result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))
     {
         /* count characters in string */
@@ -483,9 +490,10 @@ int mbed_minimal_formatted_string(char* buffer, size_t length, const char* forma
 
     int result = 0;
 
-    /* ensure that function wasn't called with an empty buffer, or with
-       a buffer size that is larger than the maximum 'int' value */
-    if (length > 0 && length <= INT_MAX)
+    /* ensure that function wasn't called with an empty buffer, or with or with
+       a buffer size that is larger than the maximum 'int' value, or with
+       a NULL format specifier */
+    if (format && length > 0 && length <= INT_MAX)
     {
         /* parse string */
         for (size_t index = 0; format[index] != '\0'; index++)

Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,8 @@ static void mbed_minimal_formatted_string_string(char* buffer, size_t length, in`
`141`	`141`	`*/`
`142`	`142`	`static void mbed_minimal_formatted_string_signed(char* buffer, size_t length, int* result, MBED_SIGNED_STORAGE value)`
`143`	`143`	`{`
`144`		`- /* only continue if buffer can fit at least 1 characters */`
	`144`	`+ /* only continue if buffer can fit at least 1 character and if`
	`145`	`+ 'result' doesn't overflow */`
`145`	`146`	`if ((result >= 0) && (result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))`
`146`	`147`	`{`
`147`	`148`	`MBED_UNSIGNED_STORAGE new_value = 0;`
`@@ -184,7 +185,8 @@ static void mbed_minimal_formatted_string_signed(char* buffer, size_t length, in`
`184`	`185`	`*/`
`185`	`186`	`static void mbed_minimal_formatted_string_unsigned(char* buffer, size_t length, int* result, MBED_UNSIGNED_STORAGE value)`
`186`	`187`	`{`
`187`		`- /* only continue if buffer can fit at least 1 characters */`
	`188`	`+ /* only continue if buffer can fit at least 1 character and if`
	`189`	`+ 'result' doesn't overflow */`
`188`	`190`	`if ((result >= 0) && (result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))`
`189`	`191`	`{`
`190`	`192`	`/* treat 0 as a corner case */`
`@@ -248,7 +250,8 @@ static void mbed_minimal_formatted_string_hexadecimal(char* buffer, size_t lengt`
`248`	`250`	`{`
`249`	`251`	`bool print_leading_zero = false;`
`250`	`252`
`251`		`- /* only continue each loop if buffer can fit at least 2 characters */`
	`253`	`+ /* only continue each loop if buffer can fit at least 2 characters`
	`254`	`+ and if 'result' doesn't overflow */`
`252`	`255`	`for (int index = 7; (result >= 0) && (result <= INT_MAX - 2) && ((size_t)*result + 2 <= length) && (index >= 0); index--)`
`253`	`256`	`{`
`254`	`257`	`/* get most significant byte */`
`@@ -293,7 +296,8 @@ static void mbed_minimal_formatted_string_hexadecimal(char* buffer, size_t lengt`
`293`	`296`	`*/`
`294`	`297`	`static void mbed_minimal_formatted_string_void_pointer(char* buffer, size_t length, int* result, const void* value)`
`295`	`298`	`{`
`296`		`- /* only continue if buffer can fit '0x' and twice the size of a void* */`
	`299`	`+ /* only continue if buffer can fit '0x' and twice the size of a void*`
	`300`	`+ and if 'result' doesn't overflow */`
`297`	`301`	`size_t needed = 2 + 2 * sizeof(void*);`
`298`	`302`	`if ((result >= 0) && ((size_t)result <= INT_MAX - needed) && ((size_t)*result + needed <= length))`
`299`	`303`	`{`
`@@ -327,7 +331,8 @@ static void mbed_minimal_formatted_string_void_pointer(char* buffer, size_t leng`
`327`	`331`	`*/`
`328`	`332`	`static void mbed_minimal_formatted_string_double(char* buffer, size_t length, int* result, double value)`
`329`	`333`	`{`
`330`		`- /* only continue if buffer can fit at least 1 characters */`
	`334`	`+ /* only continue if buffer can fit at least 1 character and if`
	`335`	`+ 'result' doesn't overflow */`
`331`	`336`	`if ((result >= 0) && (result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))`
`332`	`337`	`{`
`333`	`338`	`/* get integer part */`
`@@ -386,7 +391,8 @@ static void mbed_minimal_formatted_string_double(char* buffer, size_t length, in`
`386`	`391`	`*/`
`387`	`392`	`static void mbed_minimal_formatted_string_character(char* buffer, size_t length, int* result, char character)`
`388`	`393`	`{`
`389`		`- /* only continue if the buffer can fit 1 character */`
	`394`	`+ /* only continue if the buffer can fit 1 character and if`
	`395`	`+ 'result' doesn't overflow */`
`390`	`396`	`if ((result >= 0) && (result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))`
`391`	`397`	`{`
`392`	`398`	`/* write character */`
`@@ -426,7 +432,8 @@ static void mbed_minimal_formatted_string_character(char* buffer, size_t length,`
`426`	`432`	`*/`
`427`	`433`	`static void mbed_minimal_formatted_string_string(char* buffer, size_t length, int* result, const char* string)`
`428`	`434`	`{`
`429`		`- /* only continue if the buffer can fit at least 1 character */`
	`435`	`+ /* only continue if the buffer can fit at least 1 character and if`
	`436`	`+ 'result' doesn't overflow */`
`430`	`437`	`if ((result >= 0) && (result <= INT_MAX - 1) && ((size_t)*result + 1 <= length))`
`431`	`438`	`{`
`432`	`439`	`/* count characters in string */`
`@@ -483,9 +490,10 @@ int mbed_minimal_formatted_string(char* buffer, size_t length, const char* forma`
`483`	`490`
`484`	`491`	`int result = 0;`
`485`	`492`
`486`		`- /* ensure that function wasn't called with an empty buffer, or with`
`487`		`- a buffer size that is larger than the maximum 'int' value */`
`488`		`- if (length > 0 && length <= INT_MAX)`
	`493`	`+ /* ensure that function wasn't called with an empty buffer, or with or with`
	`494`	`+ a buffer size that is larger than the maximum 'int' value, or with`
	`495`	`+ a NULL format specifier */`
	`496`	`+ if (format && length > 0 && length <= INT_MAX)`
`489`	`497`	`{`
`490`	`498`	`/* parse string */`
`491`	`499`	`for (size_t index = 0; format[index] != '\0'; index++)`