From: Yuan Yuan <yyuanam@amazon.com>
Date: Tue, 30 May 2023 19:20:09 +0000 (+0000)
Subject: lib: fix vtysh core when handling questionmark
X-Git-Tag: frr-8.4.4~6^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=8986db7d91d8ee88a00402ec9d2f54b88cedc465;p=matthieu%2Ffrr.git

lib: fix vtysh core when handling questionmark

When issue vtysh command with ?, the initial buf size for the
element is 16. Then it would loop through each element in the cmd
output vector. If the required size for printing out the next
element is larger than the current buf size, realloc the buf memory
by doubling the current buf size regardless of the actual size
that's needed. This would cause vtysh core when the doubled size
is not enough for the next element.

Signed-off-by: Yuan Yuan <yyuanam@amazon.com>
(cherry picked from commit f8aa257997a6a6f69ec5d5715ab04d7cbfae1d1c)
---

diff --git a/lib/command.c b/lib/command.c
index a23afb1e43..ca05cd6d2f 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -743,9 +743,13 @@ char *cmd_variable_comp2str(vector comps, unsigned short cols)
 		char *item = vector_slot(comps, j);
 		itemlen = strlen(item);
 
-		if (cs + itemlen + AUTOCOMP_INDENT + 3 >= bsz)
-			buf = XREALLOC(MTYPE_TMP, buf, (bsz *= 2));
+		size_t next_sz = cs + itemlen + AUTOCOMP_INDENT + 3;
 
+		if (next_sz > bsz) {
+			/* Make sure the buf size is large enough */
+			bsz = next_sz;
+			buf = XREALLOC(MTYPE_TMP, buf, bsz);
+		}
 		if (lc + itemlen + 1 >= cols) {
 			cs += snprintf(&buf[cs], bsz - cs, "\n%*s",
 				       AUTOCOMP_INDENT, "");