lib: fix infinite loop in __darr_in_vsprintf

`darr_avail` returns the available capacity excluding the already
existing terminating NULL byte. Take this into account when using
`darr_avail`. Otherwise, if the error length is a power of 2, the
capacity is never enough and the function stucks in an infinite loop.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit cb6032d6b3d9fc1198f61ac343ec22b456a8896e)

diff --git a/lib/darr.c b/lib/darr.c
index 4f3bd9fb67ab6b6b7c5e71fc71b4dc2846127442..7a01274104930bd8a7d9c0c08e6cf5007530f3cc 100644 (file)
--- a/lib/darr.c
+++ b/lib/darr.c
@@ -70,11 +70,11 @@ char *__darr_in_vsprintf(char **sp, bool concat, const char *fmt, va_list ap)
                *darr_append(*sp) = 0;
 again:
        va_copy(ap_copy, ap);
-       len = vsnprintf(darr_last(*sp), darr_avail(*sp), fmt, ap_copy);
+       len = vsnprintf(darr_last(*sp), darr_avail(*sp) + 1, fmt, ap_copy);
        va_end(ap_copy);
        if (len < 0)
                darr_in_strcat(*sp, fmt);
-       else if ((size_t)len < darr_avail(*sp))
+       else if ((size_t)len <= darr_avail(*sp))
                _darr_len(*sp) += len;
        else {
                darr_ensure_cap(*sp, darr_len(*sp) + (size_t)len);