From: H. P. A. <hp...@zy...> - 2007-09-28 19:12:54
Date: Fri, 28 Sep 2007 12:01:55 -0700
Correct the boundary conditions in lib/vsnprintf.c; as it was we could have an undetected one-byte overwrite.
---
 lib/vsnprintf.c | 12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/vsnprintf.c b/lib/vsnprintf.c
index b2b19d9..2c9399a 100644
--- a/lib/vsnprintf.c
+++ b/lib/vsnprintf.c
@@ -30,17 +30,17 @@ int vsnprintf(char *str, size_t size, const char *format, va_list ap)
 }
 rv = vsprintf(snprintf_buffer, format, ap);
- if (rv > BUFFER_SIZE) {
+ if (rv >= BUFFER_SIZE) {
 nasm_malloc_error(ERR_PANIC|ERR_NOFILE, "snprintf buffer overflow");
 }
- if (rv < (int)size-1)
- bytes = rv;
- else
- bytes = size-1;
-
 if (size > 0) {
+ if ((size_t)rv < size-1)
+ bytes = rv;
+ else
+ bytes = size-1;
+
 memcpy(str, snprintf_buffer, bytes);
 str[bytes] = '\0';
 }
--
1.5.3.2-dirty |
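Review bot: A negative return from vsprintf() is not handled by the new `if ((size_t)rv < size-1)` test: the cast turns it into a very large value, so `bytes` becomes `size-1` and the memcpy() hands the caller whatever snprintf_buffer happens to hold. Putting `if (rv < 0) bytes = 0;` ahead of it and making the existing test an `else if` would return an empty string on error instead. Separately, the `rv >= BUFFER_SIZE` check runs only after vsprintf() has already written into the buffer, so the panic detects an overflow rather than preventing it; a comment such as `/* vsprintf is unbounded: any overflow has already happened when this fires */` would make that explicit. The memcpy() length also depends on `size` having been bounded against BUFFER_SIZE earlier in vsnprintf(), which presumably happens above the hunk; the function begins and ends outside it.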