mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-04 15:40:44 +00:00
When size is 1 should just null terminate the string. The dummy variable
is made an array of two, to explicitly avoid stack corruption due to null-terminating (which is doesn't actually happen due to stack alignment padding). Submitted by: Ed Moy <emoy@apple.com> Obtained from: Apple Computer, Inc.
This commit is contained in:
parent
f493d09ae7
commit
b0a06af596
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=117147
|
@ -50,7 +50,7 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
|
|||
{
|
||||
size_t on;
|
||||
int ret;
|
||||
char dummy;
|
||||
char dummy[2];
|
||||
FILE f;
|
||||
struct __sFILEX ext;
|
||||
|
||||
|
@ -61,8 +61,10 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
|
|||
n = INT_MAX;
|
||||
/* Stdio internals do not deal correctly with zero length buffer */
|
||||
if (n == 0) {
|
||||
str = &dummy;
|
||||
n = 1;
|
||||
if (on > 0)
|
||||
*str = '\0';
|
||||
str = dummy;
|
||||
n = 1;
|
||||
}
|
||||
f._file = -1;
|
||||
f._flags = __SWR | __SSTR;
|
||||
|
|
Loading…
Reference in a new issue