From: John Hodge Date: Tue, 10 Sep 2013 00:29:30 +0000 (+0800) Subject: Kernel/libc - Fixed memory clobbering when vsnprintf output is bigger than buffer X-Git-Tag: rel0.15~236 X-Git-Url: https://git.ucc.asn.au/?a=commitdiff_plain;h=776d802dde3d6361d7c700e0c788d64d302bd537;p=tpg%2Facess2.git Kernel/libc - Fixed memory clobbering when vsnprintf output is bigger than buffer --- diff --git a/KernelLand/Kernel/libc.c b/KernelLand/Kernel/libc.c index b0c083b0..29507824 100644 --- a/KernelLand/Kernel/libc.c +++ b/KernelLand/Kernel/libc.c @@ -187,8 +187,8 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad) * \brief Append a character the the vsnprintf output */ #define PUTCH(ch) do { \ - if(pos < __maxlen) { \ - if(__s) __s[pos] = ch; \ + if(pos < __maxlen && __s) { \ + __s[pos] = ch; \ } else { \ (void)ch;\ } \ @@ -201,7 +201,7 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad) /** * \brief VArg String Number Print Formatted */ -int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args) +int vsnprintf(char *__s, const size_t __maxlen, const char *__format, va_list args) { char c, pad = ' '; int minSize = 0, precision = -1, len; @@ -404,7 +404,7 @@ int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args) } } - if(__s && pos != __maxlen) + if(__s && pos < __maxlen) __s[pos] = '\0'; return pos;