]> git.puffer.fish Git - mirror/frr.git/commitdiff
projects / mirror / frr.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a976189)
lib: fix __darr_in_vsprintf
authorIgor Ryzhov <iryzhov@nfware.com>
Mon, 5 Feb 2024 17:04:39 +0000 (19:04 +0200)
committerMergify <37929162+mergify[bot]@users.noreply.github.com>
Tue, 5 Mar 2024 03:45:38 +0000 (03:45 +0000)
If the initial darr capacity is not enough for the output, the `ap` is
reused multiple times, which is wrong, because it may be altered by
`vsnprintf`. Make a copy of `ap` each time instead of reusing.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit ee0c1cc1e4b87bde73f1eba3212ab93b1c379c6c)

lib/darr.c patch | blob | history

diff --git a/lib/darr.c b/lib/darr.c
index f7a64fc3943f5c87430f6fec28ec87413348db64..4f3bd9fb67ab6b6b7c5e71fc71b4dc2846127442 100644 (file)
--- a/lib/darr.c
+++ b/lib/darr.c
@@ -58,6 +58,7 @@ char *__darr_in_vsprintf(char **sp, bool concat, const char *fmt, va_list ap)
        size_t inlen = concat ? darr_strlen(*sp) : 0;
        size_t capcount = strlen(fmt) + MIN(inlen + 64, 128);
        ssize_t len;
+       va_list ap_copy;
 
        darr_ensure_cap(*sp, capcount);
 
@@ -68,7 +69,9 @@ char *__darr_in_vsprintf(char **sp, bool concat, const char *fmt, va_list ap)
        if (darr_len(*sp) == 0)
                *darr_append(*sp) = 0;
 again:
-       len = vsnprintf(darr_last(*sp), darr_avail(*sp), fmt, ap);
+       va_copy(ap_copy, ap);
+       len = vsnprintf(darr_last(*sp), darr_avail(*sp), fmt, ap_copy);
+       va_end(ap_copy);
        if (len < 0)
                darr_in_strcat(*sp, fmt);
        else if ((size_t)len < darr_avail(*sp))
Unnamed repository; edit this file 'description' to name the repository.