From 43827654ac5cef5ce37a1faaaf86103fa51d1ea8 Mon Sep 17 00:00:00 2001 From: "H. Peter Anvin" Date: Fri, 28 Sep 2007 12:01:55 -0700 Subject: [PATCH] lib/vsnprintf.c: correct boundary conditions Correct the boundary conditions in lib/vsnprintf.c; as it was we could have an undetected one-byte overwrite. --- lib/vsnprintf.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/vsnprintf.c b/lib/vsnprintf.c index b2b19d9..2c9399a 100644 --- a/lib/vsnprintf.c +++ b/lib/vsnprintf.c @@ -30,17 +30,17 @@ int vsnprintf(char *str, size_t size, const char *format, va_list ap) } rv = vsprintf(snprintf_buffer, format, ap); - if (rv > BUFFER_SIZE) { + if (rv >= BUFFER_SIZE) { nasm_malloc_error(ERR_PANIC|ERR_NOFILE, "snprintf buffer overflow"); } - if (rv < (int)size-1) - bytes = rv; - else - bytes = size-1; - if (size > 0) { + if ((size_t)rv < size-1) + bytes = rv; + else + bytes = size-1; + memcpy(str, snprintf_buffer, bytes); str[bytes] = '\0'; } -- 2.7.4