Fix potential buffer overflow in ssprintf

If vsnprintf fails for other reasons than too small a buffer, it returns
a negative value. Comparing that with a size_t value promotes the
negative value to unsigned, which makes for a very large result, almost
guaranteed to be larger than the buffer size.
issue1247
Nicolas Hake 2015-02-12 23:55:38 +01:00
parent 95641b5fb0
commit ff263e5433
1 changed files with 3 additions and 1 deletions

View File

@ -167,7 +167,9 @@ inline int ssprintf(char(&str)[N], const char *fmt, ...)
{
va_list args; va_start(args, fmt);
int m = vsnprintf(str, N, fmt, args);
if (m >= N) { m = N-1; str[m] = 0; }
// Quick exit if vsnprintf failed
if (m < 0) return m;
if (static_cast<size_t>(m) >= N) { m = N-1; str[m] = 0; }
return m;
}