From b0a06af596dcf12f3a0b0c3c304c7a84a3f71c2c Mon Sep 17 00:00:00 2001
From: "Jordan K. Hubbard"
Date: Wed, 2 Jul 2003 07:08:44 +0000
Subject: [PATCH] When size is 1 should just null terminate the string. The dummy variable is made an array of two, to explicitly avoid stack corruption due to null-terminating (which is doesn't actually happen due to stack alignment padding).
Submitted by: Ed Moy
Obtained from: Apple Computer, Inc.
---
 lib/libc/stdio/vsnprintf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
index 64798073a70a..16d46eeaae02 100644
--- a/lib/libc/stdio/vsnprintf.c
+++ b/lib/libc/stdio/vsnprintf.c
@@ -50,7 +50,7 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 {
 size_t on;
 int ret;
- char dummy;
+ char dummy[2];
 FILE f;
 struct __sFILEX ext;
@@ -61,8 +61,10 @@ vsnprintf(char * __restrict str, size_t n, const char * __restrict fmt,
 n = INT_MAX;
 /* Stdio internals do not deal correctly with zero length buffer */
 if (n == 0) {
- str = &dummy;
- n = 1;
+ if (on > 0)
+ *str = '\0';
+ str = dummy;
+ n = 1;
 }
 f._file = -1;
 f._flags = __SWR | __SSTR;
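Review bot: The new `char dummy[2]` declaration has no comment tying its size to why it exists, so a later reader sees a magic two-byte array rather than the one byte the n == 1 redirect lets the formatter write plus the terminator stored after it. The commit message explains this, but the message is not what the next maintainer reads in the file. Suggest `char dummy[2]; /* 1 byte of formatted output + the terminator written after formatting */`. The declaration block and the rest of vsnprintf continue outside this hunk.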
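Review bot: The added `if (on > 0) *str = '\0';` is only in bounds because n == 0 at this point presumably implies on <= 1 (n being derived from on above the hunk), so str holds exactly one byte whenever the write happens; that invariant is not stated, and the `on > 0` guard reads as an arbitrary check rather than the "caller passed size 1, not size 0" test it actually is. A comment would make the bound explicit: `/* n == 0 implies on <= 1: terminate the 1-byte buffer here, since the final terminator write lands in dummy */`. The decrement that establishes the invariant and the trailing terminator write are both outside this hunk, so this is inferred from the surrounding function rather than visible here.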