Fix vuprintf fix possible %s buffer over-read
when precision is not specified memchr recieved -1 for count count is unsigned so it looks in a potentially very large area for a terminator and returns this whole area if \0 is not found Instead we should use memchr when precision is specified and if precision is not specified use strlen Fixes 60+Mb Config.cfg files Change-Id: Ic4d1439334588f999c9071235430c42df2af5cc4
This commit is contained in:
parent
fa8760705c
commit
de6618a271
|
@ -473,15 +473,20 @@ static inline const char * format_s(const void *str,
|
|||
return NULL; /* wchar_t support for now */
|
||||
}
|
||||
|
||||
const char *s = str;
|
||||
size_t len;
|
||||
/* string length may be specified by precision instead of \0-
|
||||
terminated; however, don't go past a \0 if one is there */
|
||||
const char *s = str;
|
||||
size_t len = precision >= 0 ? precision : -1;
|
||||
if (precision >= 0) {
|
||||
const char *nil = memchr(s, '\0', (size_t) precision);
|
||||
|
||||
const char *nil = memchr(s, '\0', len);
|
||||
if (nil) {
|
||||
len = nil - s;
|
||||
}
|
||||
if (nil != NULL && (nil - s) < precision)
|
||||
len = nil - s;
|
||||
else
|
||||
len = precision;
|
||||
}
|
||||
else
|
||||
len = strlen(s);
|
||||
|
||||
fmt_buf->length = len;
|
||||
return s;
|
||||
|
|
Loading…
Reference in New Issue