Kernel/libc - Fixed memory clobbering when vsnprintf output is bigger than buffer

author John Hodge <[email protected]>

Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)

committer John Hodge <[email protected]>

Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)
author John Hodge <[email protected]>
Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)
committer John Hodge <[email protected]>
Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)
diff --git a/KernelLand/Kernel/libc.c b/KernelLand/Kernel/libc.c

index b0c083b..2950782 100644 (file)
--- a/KernelLand/Kernel/libc.c
+++ b/KernelLand/Kernel/libc.c
@@ -187,8 +187,8 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad)
   * \brief Append a character the the vsnprintf output
   */
  #define PUTCH(ch)      do { \
-               if(pos < __maxlen) { \
-                       if(__s) __s[pos] = ch; \
+               if(pos < __maxlen && __s) { \
+                       __s[pos] = ch; \
                 } else { \
                         (void)ch;\
                 } \
@@ -201,7 +201,7 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad)
  /**
   * \brief VArg String Number Print Formatted
   */
-int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args)
+int vsnprintf(char *__s, const size_t __maxlen, const char *__format, va_list args)
  {
         char    c, pad = ' ';
          int    minSize = 0, precision = -1, len;
@@ -404,7 +404,7 @@ int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args)
                 }
         }
         
-       if(__s && pos != __maxlen)
+       if(__s && pos < __maxlen)
                 __s[pos] = '\0';
         
         return pos;
author	John Hodge <[email protected]>
	Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)
committer	John Hodge <[email protected]>
	Tue, 10 Sep 2013 00:29:30 +0000 (08:29 +0800)