|
|
d9e469 |
From 59f6c44864f914a189cb924dd8fea14cc314bf3f Mon Sep 17 00:00:00 2001
|
|
|
d9e469 |
From: Aristeu Rozanski <arozansk@redhat.com>
|
|
|
d9e469 |
Date: Mon, 23 Jun 2014 15:43:41 -0400
|
|
|
d9e469 |
Subject: [PATCH 1/2] rasdaemon: handle failures of snprintf()
|
|
|
d9e469 |
|
|
|
d9e469 |
Florian Weimer found that in bitfield_msg() the return value of
|
|
|
d9e469 |
snprintf() is used to calculate length ignoring that it can return a
|
|
|
d9e469 |
negative number. This patch makes bitfield_msg() to stop writing in such
|
|
|
d9e469 |
case.
|
|
|
d9e469 |
|
|
|
d9e469 |
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1035741
|
|
|
d9e469 |
|
|
|
d9e469 |
Reported-by: Florian Weimer <fweimer@redhat.com>
|
|
|
d9e469 |
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
|
|
|
d9e469 |
---
|
|
|
d9e469 |
bitfield.c | 4 ++++
|
|
|
d9e469 |
1 files changed, 4 insertions(+), 0 deletions(-)
|
|
|
d9e469 |
|
|
|
d9e469 |
diff --git a/bitfield.c b/bitfield.c
|
|
|
d9e469 |
index b2895b4..1690f15 100644
|
|
|
d9e469 |
--- a/bitfield.c
|
|
|
d9e469 |
+++ b/bitfield.c
|
|
|
d9e469 |
@@ -41,6 +41,8 @@ unsigned bitfield_msg(char *buf, size_t len, const char **bitarray,
|
|
|
d9e469 |
if (status & (1 << (i + bit_offset))) {
|
|
|
d9e469 |
if (p != buf) {
|
|
|
d9e469 |
n = snprintf(p, len, ", ");
|
|
|
d9e469 |
+ if (n < 0)
|
|
|
d9e469 |
+ break;
|
|
|
d9e469 |
len -= n;
|
|
|
d9e469 |
p += n;
|
|
|
d9e469 |
}
|
|
|
d9e469 |
@@ -48,6 +50,8 @@ unsigned bitfield_msg(char *buf, size_t len, const char **bitarray,
|
|
|
d9e469 |
n = snprintf(p, len, "BIT%d", i + bit_offset);
|
|
|
d9e469 |
else
|
|
|
d9e469 |
n = snprintf(p, len, "%s", bitarray[i]);
|
|
|
d9e469 |
+ if (n < 0)
|
|
|
d9e469 |
+ break;
|
|
|
d9e469 |
len -= n;
|
|
|
d9e469 |
p += n;
|
|
|
d9e469 |
}
|
|
|
d9e469 |
--
|
|
|
d9e469 |
1.7.1
|
|
|
d9e469 |
|