[PATCH] itoa
Corinna Vinschen
vinschen@redhat.com
Tue Dec 9 10:07:00 GMT 2014
Hi Jon,
On Dec 8 18:13, Jon Beniston wrote:
> Hi Corinna,
>
> > What other platforms?
>
> Various Windows compilers and a variety of embedded targets, but no,
> not generally unices (although you often see people asking for it in
> various forums).
Ok.
> > The API is rather unsafe, given that the size of the buffer is not
> > checked (no size parameter).
>
> The API is that the buffer should be sizeof(int)*8+1 to handle the
> worst case. E.g: http://www.cplusplus.com/reference/cstdlib/itoa/
> I've added this to the DESCRIPTION.
Given that this is non-standard anyway, what about creating a safer
alternative instead, along the lines of Craig's/Freddie's itoa_s/np?
Also, shouldn't the functions start with an underscore so as not to
pollute the standard namespace? itoa and utoa are very likely not
uncommon as function names in existing projects.
> > But what I'm really missing are checks for the base parameter being
> > valid. It could be > 36. Or negative.
>
> According to the docs, base must be between 2 and 36. I didn't add
> this check initially, as I don't see much parameter range checking in
> newlib generally, however, I've now added a check and it terminates
> the string and returns NULL if base is out of range. (It seems MSVC
> doesn't check the base, as it divides by zero if you use 0).
>
> I've also modified it as per Freddie's suggestion.
Did you test it? AFAICS, the itoa function never returns the sign:
if (val < 0)
val = -val;
*str++ = '-';
return utoa (val, str, base);
this returns a pointer to str + 1 in case val is < 0.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/newlib/attachments/20141209/4fdab66f/attachment.sig>
More information about the Newlib
mailing list