To figure out if we're going outside the buffer, use the size of the buffer,

not the size of the integer used to index in said buffer.

PR: 794
Notified by: Rhett Garber <rhett_garber@hp.com>

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index de74ec6df9d49d6210311d70828a2b70f77c7cf1..960a049bcafda3d5197730931597ed9cdf34b8bb 100644 (file)
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -652,8 +652,8 @@ fmtfp(
             (caps ? "0123456789ABCDEF"
               : "0123456789abcdef")[intpart % 10];
         intpart = (intpart / 10);
-    } while (intpart && (iplace < (int)sizeof(iplace)));
-    if (iplace == sizeof iplace)
+    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    if (iplace == sizeof iconvert)
         iplace--;
     iconvert[iplace] = 0;
 
@@ -664,7 +664,7 @@ fmtfp(
               : "0123456789abcdef")[fracpart % 10];
         fracpart = (fracpart / 10);
     } while (fplace < max);
-    if (fplace == sizeof fplace)
+    if (fplace == sizeof fconvert)
         fplace--;
     fconvert[fplace] = 0;