-
-
Notifications
You must be signed in to change notification settings - Fork 129
/
Copy pathdtostrf.cpp
44 lines (37 loc) · 1.63 KB
/
dtostrf.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
/*
* Copyright (c) 2020 Arduino. All rights reserved.
*/
/**************************************************************************************
* INCLUDE
**************************************************************************************/
#include <cstdio>
#include <cfloat>
/**************************************************************************************
* FUNCTION IMPLEMENTATION
**************************************************************************************/
#ifdef __cplusplus
extern "C" {
#endif
/*
* A fundamental issue with dtostrf is the risk of buffer overflow as the size of the
* output buffer is not passed in. Previous implementation relied on sprintf which has
* the same issue and has now been deprecated, leading to compilation warnings that are
* considered fatal. Here, we use snprintf to avoid those warnings, with a limit
* set large enough for the longest buffer used by the String class. The risk
* of buffer overflow remains when a smaller buffer is passed in.
*
* TODO Refactor String not to rely on this function.
*/
char *dtostrf (double val, signed char width, unsigned char prec, char *sout) {
// From String.h - DOUBLE_BUF_SIZE is the largest it could use
static size_t const FLT_MAX_DECIMAL_PLACES = 10;
static size_t const DBL_MAX_DECIMAL_PLACES = FLT_MAX_DECIMAL_PLACES;
static size_t const DOUBLE_BUF_SIZE = DBL_MAX_10_EXP + DBL_MAX_DECIMAL_PLACES + 1 /* '-' */ + 1 /* '.' */ + 1 /* '\0' */;
char fmt[20];
snprintf(fmt, sizeof(fmt), "%%%d.%df", width, prec);
snprintf(sout, DOUBLE_BUF_SIZE, fmt, val);
return sout;
}
#ifdef __cplusplus
} // extern "C"
#endif