nicob87 commented on a change in pull request #679: DISPATCH-1566: fix safe_snptrintf URL: https://github.com/apache/qpid-dispatch/pull/679#discussion_r379122619
########## File path: src/router_core/terminus.c ########## @@ -75,24 +76,34 @@ void qdr_terminus_free(qdr_terminus_t *term) free_qdr_terminus_t(term); } - // DISPATCH-1461: snprintf() is evil - it returns >= size on overflow. This // wrapper will never return >= size, even if truncated. This makes it safe to // do pointer & length arithmetic without overflowing the destination buffer in // qdr_terminus_format() // -static inline int safe_snprintf(char *str, size_t size, const char *format, ...) -{ +size_t safe_snprintf(char *str, size_t size, const char *format, ...) { + // max size allowed must be INT_MAX (since vsnprintf reutrns an int) + if (size == 0 || size > INT_MAX) { + //TODO log a warning somewhere? + return 0; + } + int max_possible_return_value = (int)(size - 1); va_list ap; va_start(ap, format); int rc = vsnprintf(str, size, format, ap); va_end(ap); - if (size && rc >= size) - return size - 1; // return actual # of bytes written (excluding null) - return rc; -} + if (rc < 0) { // parsing error! + //TODO log a warning somewhere? + return 0; Review comment: Sharp eyes! ok I will do that change, and also I will add a unit-test for that condition (in the unit-tests pr) ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org