Fix vsnprintf off-by-one bug · 0a6047eef1 - Gogs: Go Git Service GfA electronic

Fix vsnprintf off-by-one bug

The recent vsnprintf() fix introduced an off-by-one, and it's now
possible to overrun the target buffer by one byte.

The "end" pointer points to past the end of the buffer, so if we
have to truncate the result, it needs to be done though "end[-1]".

[ This is just an alternate and simpler patch to one proposed by Andrew
  and Jeremy, who actually noticed the problem ]

Acked-by: Andrew Morton <akpm@osdl.org>
Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Linus Torvalds 19 년 전

부모

27d68a36c4

커밋

0a6047eef1

1개의 변경된 파일과 1개의 추가작업 그리고 1개의 파일을 삭제

분할 보기 변경상태 보기

						
							+ 1
							
							- 1
						
lib/vsprintf.c
							 
								파일 보기
							
				@@ -489,7 +489,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
			
				 		if (str < end)
			
				 			*str = '\0';
			
				 		else
			
				-			*end = '\0';
			
				+			end[-1] = '\0';
			
				 	}
			
				 	/* the trailing null byte doesn't count towards the total */
			
				 	return str-buf;