diff options
| author | Igor Ryzhov <iryzhov@nfware.com> | 2024-03-04 20:41:41 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-03-05 03:45:38 +0000 |
| commit | f23f58a6a4fb9325af1960d96dece6dec8f34fe5 (patch) | |
| tree | bbed938d83d7bbcc9d1735effc62dd5dfaf02603 | |
| parent | e5da17897c49e43f586bb7c8388b81e547708446 (diff) | |
lib: fix infinite loop in __darr_in_vsprintf
`darr_avail` returns the available capacity excluding the already
existing terminating NULL byte. Take this into account when using
`darr_avail`. Otherwise, if the error length is a power of 2, the
capacity is never enough and the function stucks in an infinite loop.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
(cherry picked from commit cb6032d6b3d9fc1198f61ac343ec22b456a8896e)
| -rw-r--r-- | lib/darr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/darr.c b/lib/darr.c index 4f3bd9fb67..7a01274104 100644 --- a/lib/darr.c +++ b/lib/darr.c @@ -70,11 +70,11 @@ char *__darr_in_vsprintf(char **sp, bool concat, const char *fmt, va_list ap) *darr_append(*sp) = 0; again: va_copy(ap_copy, ap); - len = vsnprintf(darr_last(*sp), darr_avail(*sp), fmt, ap_copy); + len = vsnprintf(darr_last(*sp), darr_avail(*sp) + 1, fmt, ap_copy); va_end(ap_copy); if (len < 0) darr_in_strcat(*sp, fmt); - else if ((size_t)len < darr_avail(*sp)) + else if ((size_t)len <= darr_avail(*sp)) _darr_len(*sp) += len; else { darr_ensure_cap(*sp, darr_len(*sp) + (size_t)len); |