RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-07 22:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()

Browse Source 
Most modern platforms don't touch the output buffer when the size
argument is null, but there exist a few old ones (like AIX 5 and
possibly Tru64) where the output will be dereferenced anyway, probably
to write the trailing null, crashing the process. memprintf() uses this
to measure the desired length.

There is a very simple workaround to this consisting in passing a pointer
to a character instead of a NULL pointer. It was confirmed to fix the issue
on AIX 5.1.
This commit is contained in:
Willy Tarreau 2019-03-29 19:13:23 +01:00
parent 2231b63887
commit e0609f5f49
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/standard.c
View File

@ -3577,12 +3577,14 @@ char *memvprintf(char **out, const char *format, va_list orig_args)
return NULL;
do {
char buf1;
/* vsnprintf() will return the required length even when the
* target buffer is NULL. We do this in a loop just in case
* intermediate evaluations get wrong.
*/
va_copy(args, orig_args);
needed = vsnprintf(ret, allocated, format, args);
needed = vsnprintf(ret ? ret : &buf1, allocated, format, args);
va_end(args);
if (needed < allocated) {
/* Note: on Solaris 8, the first iteration always