diff options
author | Linus Torvalds <torvalds@home.osdl.org> | 2004-02-02 21:17:29 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@home.osdl.org> | 2004-02-02 21:17:29 -0800 |
commit | 8eb736645d5ab51b7d1925236309d7cfbd6a90b4 (patch) | |
tree | 1db42e19f8485126e804615d9cd9897840b04671 /lib | |
parent | 236d2f4990e34083f4d455c859a8aaf65b7e7e1e (diff) | |
download | history-8eb736645d5ab51b7d1925236309d7cfbd6a90b4.tar.gz |
Warn loudly if somebody passes a negative value as
the size to "vsnprintf()".
That's a pretty clear case of overflow.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vsprintf.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 5ae1c3765f4c9a..da4398a3a6885d 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -254,6 +254,15 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) /* 'z' support added 23/7/1999 S.H. */ /* 'z' changed to 'Z' --davidm 1/25/99 */ + /* Reject out-of-range values early */ + if (unlikely((int) size < 0)) { + /* There can be only one.. */ + static int warn = 1; + WARN_ON(warn); + warn = 0; + return 0; + } + str = buf; end = buf + size - 1; @@ -498,7 +507,7 @@ EXPORT_SYMBOL(snprintf); */ int vsprintf(char *buf, const char *fmt, va_list args) { - return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args); + return vsnprintf(buf, (~0U)>>1, fmt, args); } EXPORT_SYMBOL(vsprintf); |