Module crashes during convert if string is long enough
Brought to you by:
shmupsik
Function str_write uses vsnprintf incorrectly:
From the man page for the functions vprintf(), vfprintf(), vsprintf(), vsnprintf():
"Because they invoke the va_arg macro, the value of ap is undefined after the call."
If the string doesn't fit into 256 bytes, then the buffer will be realloced and the undefined ap will be used on the next egg_vsnprintf call.
Possible fix:
diff -upr a/logs2html.mod/fileoperations.c b/logs2html.mod/fileoperations.c --- a/logs2html.mod/fileoperations.c 2009-05-08 21:52:04.000000000 +0400 +++ b/logs2html.mod/fileoperations.c 2014-11-11 10:12:35.462330419 +0400 @@ -116,14 +116,14 @@ static void str_write(FILE *file, char * buffer = (char *)nmalloc(size); - va_start(ap, fstr); while (true) { + va_start(ap, fstr); nchars = egg_vsnprintf(buffer, size, fstr, ap); + va_end(ap); if (nchars < size) break; size *= 2; buffer = (char *)nrealloc(buffer, size); } - va_end(ap); fwrite(buffer, sizeof(char), strlen(buffer), file); nfree(buffer); buffer = NULL;
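Review bot: in the while loop of str_write, the result of egg_vsnprintf is only tested with `if (nchars < size) break;`, so a negative (error) return is never handled on its own. If the comparison is signed, the loop breaks and `strlen(buffer)` then runs over a buffer whose contents are not guaranteed to be terminated; if it is unsigned, the buffer keeps doubling. The declarations of nchars and size are outside the hunk, so which case applies cannot be told from here. Suggest an explicit `if (nchars < 0)` branch that frees the buffer and returns before the size test. As a smaller point, the fwrite length could use nchars instead of a second pass with strlen. Re-running va_start/va_end per iteration does fix the reported reuse of ap; va_copy would be the alternative if str_write ever receives a va_list rather than `...`.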
Thank you. Marked proposed solution as accepted, although I can't test it now.
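The grow-and-retry pattern from the report, as an added C example that is not part of the ticket or the logs2html source. It assumes plain malloc/realloc/vsnprintf (C99 return semantics) in place of eggdrop's nmalloc/nrealloc/egg_vsnprintf, uses hypothetical helper names, and goes beyond the patch by taking a fresh va_copy per attempt and checking for a negative return.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: format into a heap buffer that grows until it fits.
 * size must be > 0. Returns NULL on error; the caller frees the result. */
static char *vformat_alloc(size_t size, const char *fmt, va_list ap)
{
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    for (;;) {
        va_list try_ap;
        /* ap is never handed to vsnprintf, so it stays valid for a retry. */
        va_copy(try_ap, ap);
        int n = vsnprintf(buf, size, fmt, try_ap);
        va_end(try_ap);
        if (n < 0) {                 /* output error: do not touch buf */
            free(buf);
            return NULL;
        }
        if ((size_t)n < size)        /* fits, terminating NUL included */
            return buf;
        size = (size_t)n + 1;        /* C99: n is the length actually needed */
        char *grown = realloc(buf, size);
        if (grown == NULL) {
            free(buf);
            return NULL;
        }
        buf = grown;
    }
}

static char *format_alloc(size_t initial, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *out = vformat_alloc(initial, fmt, ap);
    va_end(ap);
    return out;
}

int main(void)
{
    /* Constructed sample: an 8-byte start forces at least one retry. */
    char *s = format_alloc(8, "%s joined %s (%d users)", "alice", "#chan", 42);
    if (s != NULL)
        puts(s);
    free(s);                         /* free(NULL) is a no-op */
    return 0;
}
```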