Warn loudly if somebody passes a negative value as

the size to "vsnprintf()". That's a pretty clear case of overflow.
author: Linus Torvalds <torvalds@home.osdl.org> 2004-02-02 21:17:29 -0800
committer: Linus Torvalds <torvalds@home.osdl.org> 2004-02-02 21:17:29 -0800
commit: 8eb736645d5ab51b7d1925236309d7cfbd6a90b4 (patch)
tree: 1db42e19f8485126e804615d9cd9897840b04671 /lib
parent: 236d2f4990e34083f4d455c859a8aaf65b7e7e1e (diff)
download: history-8eb736645d5ab51b7d1925236309d7cfbd6a90b4.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 5ae1c3765f4c9a..da4398a3a6885d 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -254,6 +254,15 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
 				/* 'z' support added 23/7/1999 S.H.    */
 				/* 'z' changed to 'Z' --davidm 1/25/99 */
 
+	/* Reject out-of-range values early */
+	if (unlikely((int) size < 0)) {
+		/* There can be only one.. */
+		static int warn = 1;
+		WARN_ON(warn);
+		warn = 0;
+		return 0;
+	}
+
 	str = buf;
 	end = buf + size - 1;
 
@@ -498,7 +507,7 @@ EXPORT_SYMBOL(snprintf);
  */
 int vsprintf(char *buf, const char *fmt, va_list args)
 {
-	return vsnprintf(buf, 0xFFFFFFFFUL, fmt, args);
+	return vsnprintf(buf, (~0U)>>1, fmt, args);
 }
 
 EXPORT_SYMBOL(vsprintf);
author	Linus Torvalds <torvalds@home.osdl.org>	2004-02-02 21:17:29 -0800
committer	Linus Torvalds <torvalds@home.osdl.org>	2004-02-02 21:17:29 -0800
commit	8eb736645d5ab51b7d1925236309d7cfbd6a90b4 (patch)
tree	1db42e19f8485126e804615d9cd9897840b04671 /lib
parent	236d2f4990e34083f4d455c859a8aaf65b7e7e1e (diff)
download	history-8eb736645d5ab51b7d1925236309d7cfbd6a90b4.tar.gz