[Nasm-cvs] lib/vsnprintf.c: correct boundary conditions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Date: Fri, 28 Sep 2007 12:01:55 -0700

Correct the boundary conditions in lib/vsnprintf.c; as it was we could
have an undetected one-byte overwrite.
---
 lib/vsnprintf.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/vsnprintf.c b/lib/vsnprintf.c
index b2b19d9..2c9399a 100644
--- a/lib/vsnprintf.c
+++ b/lib/vsnprintf.c
@@ -30,17 +30,17 @@ int vsnprintf(char *str, size_t size, const char *format, va_list ap)
     }
 
     rv = vsprintf(snprintf_buffer, format, ap);
-    if (rv > BUFFER_SIZE) {
+    if (rv >= BUFFER_SIZE) {
 	nasm_malloc_error(ERR_PANIC|ERR_NOFILE,
 			  "snprintf buffer overflow");
     }
 
-    if (rv < (int)size-1)
-	bytes = rv;
-    else
-	bytes = size-1;
-
     if (size > 0) {
+	if ((size_t)rv < size-1)
+	    bytes = rv;
+	else
+	    bytes = size-1;
+
 	memcpy(str, snprintf_buffer, bytes);
 	str[bytes] = '\0';
     }
-- 
1.5.3.2-dirty



