From 776d802dde3d6361d7c700e0c788d64d302bd537 Mon Sep 17 00:00:00 2001 From: John Hodge Date: Tue, 10 Sep 2013 08:29:30 +0800 Subject: [PATCH] Kernel/libc - Fixed memory clobbering when vsnprintf output is bigger than buffer --- KernelLand/Kernel/libc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/KernelLand/Kernel/libc.c b/KernelLand/Kernel/libc.c index b0c083b0..29507824 100644 --- a/KernelLand/Kernel/libc.c +++ b/KernelLand/Kernel/libc.c @@ -187,8 +187,8 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad) * \brief Append a character the the vsnprintf output */ #define PUTCH(ch) do { \ - if(pos < __maxlen) { \ - if(__s) __s[pos] = ch; \ + if(pos < __maxlen && __s) { \ + __s[pos] = ch; \ } else { \ (void)ch;\ } \ @@ -201,7 +201,7 @@ void itoa(char *buf, Uint64 num, int base, int minLength, char pad) /** * \brief VArg String Number Print Formatted */ -int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args) +int vsnprintf(char *__s, const size_t __maxlen, const char *__format, va_list args) { char c, pad = ' '; int minSize = 0, precision = -1, len; @@ -404,7 +404,7 @@ int vsnprintf(char *__s, size_t __maxlen, const char *__format, va_list args) } } - if(__s && pos != __maxlen) + if(__s && pos < __maxlen) __s[pos] = '\0'; return pos; -- 2.20.1