vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size' to 'INT_MAX' which can overflow. This causes sprintf() to fail when initializing the environment on 8GB.
Instead of using 'INT_MAX', we use SIZE_MAX - buf, which is the largest possible string that could fit without overflowing 'size'. Tom Cherry (1): lib/vsprintf.c: fix integer overflow in vsprintf lib/vsprintf.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.39.2
